MuddyWater uses hacked CCTV cameras to help guide missiles: Amazon also found supporting threat intel evidence for another Iran-linked incident involving cyber espionage and missile strikes that has received some official confirmation.After the US strikes against Iran’s nuclear sites in June, Iran retaliated by launching a barrage of missiles against Israel, targeting cities such as Tel Aviv and Jerusalem. A former Israeli cybersecurity official warned that Iranian operatives were trying to access private surveillance cameras to assess the impact of their strikes and improve their accuracy.Israel’s National Cyber Directorate also confirmed to Bloomberg at around the same time that CCTV systems were increasingly targeted by Iranian hackers.Amazon’s data shows that MuddyWater, a threat group linked to an Iranian company acting as a front for Iran’s Ministry of Intelligence and Security (MOIS), accessed a compromised server containing live CCTV streams from Jerusalem days before a widespread Iranian missile attack against the city.Access to the compromised CCTV server was achieved via server infrastructure that MuddyWater had set up in May for its cyber operations, showing a direct link to the group.The targeting of CCTV cameras for intelligence gathering in support of military operations is not unique to Iran. In May 2024, intelligence agencies from the US and multiple NATO countries warned in a joint advisory that Russia’s military intelligence agency, the GRU, hacked into cameras at key locations, such as near border crossings, military installations, and rail stations, in Ukraine and neighboring countries. The goal was to track the movement of materials into Ukraine as part of aid shipments.”For the cybersecurity community, this research serves as both a warning and a call to action,” Amazon’s Moses said. “Defenders must adapt their strategies to address threats that span both digital and physical domains. Organizations that historically believed they weren’t of interest to threat actors could now be targeted for tactical intelligence.”Amazon suggests organizations should expand their threat modeling to consider how their compromised IT systems could be used to support physical attacks, especially the operators of critical infrastructure, maritime systems, urban surveillance networks, and other data sources that could be used to aid targeting in kinetic operations. The company has coined the term “cyber-enabled kinetic targeting” for cyber operations whose goal is to facilitate and enhance kinetic military operations.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4093375/iranian-apt-hacks-helped-direct-missile-strikes-in-israel-and-the-red-sea.html
