Iranian actors that are possibly backed by segments of that nation’s government are likely behind an on-going cyberespionage campaign that most recently targeted the Australian Parliament.
The group named Iridium is the likely culprit, reported Resecurity® in a recent report, which gave an extensive look at the gang, its targets and some of its past operations. The company did not directly tie Iridium to Iran, but laid out a the circumstantial evidence that may point in that direction.
The Australian attacks began on December 23, 2018, when two government agencies were penetrated resulting in a two-stage attack taking place in January and February 2019.
Resecurity® said the first stage was oriented toward Windows-based server-side environments with the second state of the attack happening in February 2019, leveraging targeted email compromise through a government Global Access List. This list gave Resecurity® one of its best clues to indicate Iridium had penetrated into the Australian system as the security firm found the list in a file confirmed as being used by Iridium... Please continue the article at the source
