20 Million Mobile Users’ Data Leaked in Iran

This week we hear about how 20 Million Mobile Users’ Data Leaked in Iran and how a Hacking Tool Targets Energy Grids.

Breach

20 Million Mobile Users’ Data Leaked in Iran

Iran’s second largest mobile operator, Irancell, had the data of nearly 20 million of its customers leaked online, the biggest data breach known in Iran’s history. The information was leaked by a bot known as MTN Pro Bot on the messaging app Telegram, which is used extensively by Iranians. The personal information that was obtained included full name, landline phone number, national code, city, address and postal code.

A few days after the leak was discovered, a 19-year-old computer student was arrested. The bot was banned and removed by the Ministry of Information and Communications Technology of Iran.

References: 20 million Iranian mobile users' data leaked but operator denies being hacked | Ministry Plugs Irancell Data Leak

Mitigation Strategies:

  • Anti-virus would detect file infection on the local host
  • FIM solution would detect any type of file modification or addition
  • Web filtration to prevent users from clicking on malicious websites

Malware

Hacking Tool Targets Energy Grids

Cybersecurity researchers at SentinelOne discovered a piece of malware, Furtim’s Parent, that is targeting energy grid systems. Specifically, Furtim’s Parent is a dropper, a program designed to download and install additional malware. Its purpose is to prepare the ground for additional tasks while remaining undetected: gain privileges and disable any existing security protection.

Due to the malware’s sophisticated and detailed nature, the researchers believe it was developed by a team of hackers working for the government, most likely from Eastern Europe.

References: Stealthy cyberespionage malware targets energy companies | Sophisticated Malware Found on the Network of a European Energy Company | Furtim's Parent, Stuxnet-like Malware, Aimed at Energy Firms

Mitigation Strategies:

  • FIM solution would detect any type of file modification or addition
  • Security Operations Center team provides 24x7 security monitoring, daily log review, web application firewall management and advanced anomaly detection
  • Mail filtration would scan incoming files and hyperlinks for any malicious links or code
  • Web filtration to prevent users from clicking on malicious websites
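Both mitigation lists above rely on a FIM solution detecting file modification or addition. The following is an added example, not code from the newsletter or from any vendor's FIM product: a minimal baseline-and-compare routine that hashes every file under a directory, then re-hashes later and reports what was added, modified or removed. The directory contents and the "dropper" changes in the demo are constructed for illustration.

```python
"""Minimal file integrity monitoring (FIM) baseline/compare (added example).

Hypothetical helper, not any vendor's product: build a SHA-256 baseline of
every regular file under a root, re-hash later, and classify differences.
"""
import hashlib
import os
import tempfile


def _sha256(path):
    """Stream a file through SHA-256 so large binaries do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = _sha256(full)
    return baseline


def compare_baseline(baseline, root):
    """Re-hash root and report added, modified and removed files."""
    current = build_baseline(root)
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline
                      if p in current and current[p] != baseline[p])
    return {"added": added, "modified": modified, "removed": removed}


def demo():
    """Constructed scenario: take a baseline, then simulate a dropper's changes."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "app.cfg"), "w") as fh:
            fh.write("listen=8080\n")
        with open(os.path.join(root, "service.exe"), "wb") as fh:
            fh.write(b"\x4d\x5a original binary")
        baseline = build_baseline(root)

        # Simulated tampering: one existing binary patched, one new file dropped.
        with open(os.path.join(root, "service.exe"), "wb") as fh:
            fh.write(b"\x4d\x5a patched binary")
        with open(os.path.join(root, "update.dll"), "wb") as fh:
            fh.write(b"\x4d\x5a dropped payload")

        return compare_baseline(baseline, root)


if __name__ == "__main__":
    print(demo())
```

In practice the baseline would be stored off-host (or signed) so that malware with elevated privileges cannot rewrite it alongside the files it changes, and the comparison would run on a schedule or from a file-change notification rather than on demand.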

Top 20 IP Addresses

  • 13.95.146.117
  • 116.31.116.51
  • 14.123.205.242
  • 5.45.74.251
  • 64.95.100.85
  • 46.109.168.179
  • 188.118.2.26
  • 91.224.160.108
  • 221.194.44.223
  • 121.18.238.22
  • 185.110.132.201
  • 81.183.56.217
  • 118.170.130.207
  • 221.194.44.219
  • 121.18.238.9
  • 121.18.238.32
  • 193.169.52.222
  • 221.194.44.218
  • 121.18.238.19
  • 91.224.161.103

*IP addresses provided by Recorded Future.
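An IP list like the one above is only useful once it is checked against your own traffic. The following is an added example, not part of the newsletter: it loads the Top 20 addresses as an indicator set and scans constructed firewall log lines (the syslog-style `src=` format is an assumption) for source addresses that match. Addresses are validated with `ipaddress` so a malformed octet is reported as no match rather than matched on a substring.

```python
"""Match the Top 20 IP indicators against sample log lines (added example).

TOP20_IPS is the newsletter's list; SAMPLE_LOG is constructed for this
example and does not come from any real system.
"""
import ipaddress
import re

TOP20_IPS = frozenset({
    "13.95.146.117", "116.31.116.51", "14.123.205.242", "5.45.74.251",
    "64.95.100.85", "46.109.168.179", "188.118.2.26", "91.224.160.108",
    "221.194.44.223", "121.18.238.22", "185.110.132.201", "81.183.56.217",
    "118.170.130.207", "221.194.44.219", "121.18.238.9", "121.18.238.32",
    "193.169.52.222", "221.194.44.218", "121.18.238.19", "91.224.161.103",
})

# Constructed sample log lines in an assumed syslog-style firewall format.
SAMPLE_LOG = """\
Jul 14 10:01:12 fw1 ACCEPT src=10.0.0.5 dst=10.0.0.8 proto=TCP dport=443
Jul 14 10:01:15 fw1 DROP src=221.194.44.223 dst=10.0.0.8 proto=TCP dport=22
Jul 14 10:02:01 fw1 ACCEPT src=192.0.2.77 dst=10.0.0.8 proto=TCP dport=80
Jul 14 10:02:44 fw1 ACCEPT src=121.18.238.9 dst=10.0.0.9 proto=TCP dport=3389
Jul 14 10:03:09 fw1 DROP src=121.18.238.999 dst=10.0.0.9 proto=TCP dport=22
"""

_SRC_FIELD = re.compile(r"\bsrc=(\d{1,3}(?:\.\d{1,3}){3})\b")


def extract_src(line):
    """Return the source IPv4 address of a log line, or None if absent/invalid."""
    match = _SRC_FIELD.search(line)
    if not match:
        return None
    try:
        # ip_address() rejects octets above 255, e.g. 121.18.238.999.
        return str(ipaddress.ip_address(match.group(1)))
    except ValueError:
        return None


def find_ioc_hits(log_text, iocs=TOP20_IPS):
    """Return (line number, source IP) for every line whose source is an indicator."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        src = extract_src(line)
        if src is not None and src in iocs:
            hits.append((lineno, src))
    return hits


if __name__ == "__main__":
    for lineno, src in find_ioc_hits(SAMPLE_LOG):
        print(f"line {lineno}: source {src} is on the Top 20 list")
```

Note that the accepted connection on line 4 is the interesting one: a DROP already shows the firewall did its job, while an ACCEPT from a listed address is what warrants a look at the destination host.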