Security vendor Cybereason published a document recently indicating Iran's MalKamaki Cyber threat group has operated in the wild and stayed undetected by using Dropbox's cloud storage service since 2018.
https://www.infosectrain.com/courses/offensive-cyber-security-engineer-training/
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
ย
How are Iranian hackers utilizing Dropbox in a cyber-espionage campaign.pptx
1. How are Iranian hackers utilizing
Dropbox in a cyber-espionage
campaign?
www.infosectrain.com | sales@infosectrain.com
2. www.infosectrain.com | sales@infosectrain.com
Security vendor Cybereason published a document recently indicating Iran's
MalKamaki Cyber threat group has operated in the wild and stayed undetected by
using Dropbox's cloud storage service since 2018. Companies in the telecoms and
aerospace industries were targeted, including those in the Middle East, Russia, and
Europe.
3. www.infosectrain.com | sales@infosectrain.com
Cybereason researchers Assaf Dahan, Daniel Frank, Tom Fakterman, and Chen Erlich
wrote in the report that the intrusions are motivated by a cyberespionage campaign
against a very small set of carefully selected targets. This can be affirmed by the fact that
very few samples have been detected in telemetry or in the wild since 2018, as compared
to commodity malware, which is most widely distributed.
"ShellClient," a Remote Access Trojan (RAT), is the primary tool used by the group to
compromise systems and spread around networks undetected by antivirus software.
Using Dropbox file storage as a command and control platform is one of the more
interesting tactics adopted by the group. It is possible for the malware to control and
transfer files without being detected by network monitoring tools by running checks every
two seconds via the Dropbox API.
In the report, it was noted that the malware's C2 communications were quite unique,
involving 'cold files' being saved to a remote Dropbox instead of a common interactive
session. Interestingly, this method of communication is a form of Operational Security, as
it undermines the ability to track threat actors' infrastructure by utilizing a public service
like Dropbox
4. www.infosectrain.com | sales@infosectrain.com
One of the questions raised during the investigation was, "How far back can the malware
be traced?" the researchers said. "First, it was assumed to have been developed recently
since there was no publicly accessible documentation or anything like that." Although the
code indicates that the sample analyzed is version 4.0, this implies there are several
previous versions.
Are you also willing to learn more tricks, tools, concepts, threats, and attacks, of
cybersecurity? Then join InfosecTrain to get the best quality training.
InfosecTrain
InfosecTrain is a leading provider of consultancy services, certifications, and training in
information technology and cyber safety. Our accredited and skilled trainers will help you
understand cybersecurity and information security and improve the skills needed. Not
only do they give you the best training, but they will also expose you to new challenges
that will be very helpful to you in the coming future. Enroll in our Cyber Security course
today to experience the practical sessions and excellent training from the best trainers.
5. About InfosecTrain
โข Established in 2016, we are one of the finest
Security and Technology Training and
Consulting company
โข Wide range of professional training programs,
certifications & consulting services in the IT
and Cyber Security domain
โข High-quality technical services, certifications
or customized training programs curated with
professionals of over 15 years of combined
experience in the domain
www.infosectrain.com | sales@infosectrain.com
7. Why InfosecTrain Global Learning Partners
Flexible modes
of Training
Tailor Made
Training
Post training
completion
Certified and
Experienced Instructors
Access to the
recorded
sessions
www.infosectrain.com | sales@infosectrain.com
10. Contact us
Get your workforce reskilled
by our certified and
experienced instructors!
IND: 1800-843-7890 (Toll Free) / US: +1 657-722-11127 /
UK : +44 7451 208413
sales@infosectrain.com
www.infosectrain.com