Several Israeli Websites Compromised by Iranian Threat Actor CopyKitten
IsraelDefense
| 31/03/2017
On March 29, 2017, the German Federal Office for Information Security (BSI) said in a statement that the website of Israeli newspaper Jerusalem Post was manipulated and linked to a harmful third party. The statement read as follows:
After the cyber attack on the German Bundestag in 2015, some protective functions that the BSI has established for government networks have also been adopted by the German Bundestag for its own networks. Since the beginning of January 2017, the BSI, as the national cyber security agency, has been in close contact with the German Bundestag, due to the network traffic of the German Bundestag. At the request of the German Bundestag the BSI analyzed these problems in network traffic. The technical analyses have been completed. The website of the Jerusalem Post was manipulated and linked to a harmful third party. Within the framework of the analysis, however, the BSI has not discovered any malicious software; infections are also not known to the BSI.
As part of ClearSky's monitoring of Iranian threat agents activities, they have detected that since October 2016 and until the end of January 2017, the Jerusalem Post, as well as multiple other Israeli websites and one website in the Palestinian Authority were compromised by Iranian threat agent CopyKittens. Based on timeframe and nature of the compromises, ClearSky estimates with high certainty that the statement by German Federal Office for Information Security refers to the same incidents.
For the complete analysis, click here.
[Source: ClearSky]
On March 29, 2017, the German Federal Office for Information Security (BSI) said in a statement that the website of Israeli newspaper Jerusalem Post was manipulated and linked to a harmful third party. The statement read as follows:
After the cyber attack on the German Bundestag in 2015, some protective functions that the BSI has established for government networks have also been adopted by the German Bundestag for its own networks. Since the beginning of January 2017, the BSI, as the national cyber security agency, has been in close contact with the German Bundestag, due to the network traffic of the German Bundestag. At the request of the German Bundestag the BSI analyzed these problems in network traffic. The technical analyses have been completed. The website of the Jerusalem Post was manipulated and linked to a harmful third party. Within the framework of the analysis, however, the BSI has not discovered any malicious software; infections are also not known to the BSI.
As part of ClearSky's monitoring of Iranian threat agents activities, they have detected that since October 2016 and until the end of January 2017, the Jerusalem Post, as well as multiple other Israeli websites and one website in the Palestinian Authority were compromised by Iranian threat agent CopyKittens. Based on timeframe and nature of the compromises, ClearSky estimates with high certainty that the statement by German Federal Office for Information Security refers to the same incidents.
For the complete analysis, click here.
[Source: ClearSky]
