Iranian hackers use Israeli hostage site for cyber attacks - report

According to Mandiant, the hacker group identified as UNC1546, or Tortoiseshell, is heavily linked to Iran’s Islamic Revolutionary Guard Corps (IRGC).

A smartphone with a displayed Iranian flag with the word "Cyberattack" and binary codes over it is placed on a computer motherboard in this illustration taken February 23, 2023. (photo credit: DADO RUVIC/REUTERS)

Iranian hackers reportedly created a fake site in support of the Israeli hostages held by Hamas to carry out cyber attacks against Israeli targets, the Google-owned cybersecurity firm Mandiant announced on Wednesday. 

According to Mandiant, the hacker group identified as UNC1546, or Tortoiseshell, is heavily linked to Iran’s Islamic Revolutionary Guard Corps (IRGC).

In its most recent activity, conducted under the cover of the Bring Them Home Now movement, which calls for the return of the hostages, the hackers spread malware called MINIBUS. Installing it triggered a decoy under the guise of an application related to the hostages.

Cyber Attack, illustration. (credit: INGIMAGE)

Other methods used by the hackers

In an additional MINIBUS incident, a decoy was set via a quiz application. 

The UNC1546 hackers also spread links with false job offers related to defense and tech positions, which contained malicious payloads.

According to the cybersecurity firm, as part of the hackers’ activity, the group also targeted Middle Eastern aerospace, aviation, and defense industries. It lists Israel and the United Arab Emirates as targets with certitude, with Turkey, India, and Albania being additional potential targets.