After the mass demonstrations, Infy hacker group launched a cyber-attack to target protesters and their contacts abroad

Ddos January 9, 2018 2 minutes read

A retrospective review: Reuters reported that on 28 December, Iran suddenly broke out against government demonstrations and quickly spread to many major cities including Tehran, Mashhad, Hamadan, and Shah Rudd. The wave of government protests against the government was caused by the discontent with economic difficulties, rising prices and corruption, the largest protest in Iran since 2009.

Foreign media January 7, after cybersecurity company said mass demonstrations, Iran Infy hacker may try to attack the protesters and their network of foreign contacts. At present, Iranian authorities have a wider scope of repression against protesters and political dissidents, including anyone who contacts the target groups.

According to experts from Palo Alto Networks, Iranian Infy hackers have been active at least since 2007, with malware attacks covering Iran and abroad. It is reported that, unlike other Iran-based foreign aid to state sponsors, Infy’s organization seems to be focused on rebels and dissidents.

Infy malware was first submitted to VirusTotal in August 2007, while experts found that the C & C domain names used in its oldest sample were also associated with malicious activity in December 2004. Not only that, but Colin Anderson, a researcher, confirmed that Infy attackers have conducted numerous malware assaults on Iranian civil society since the end of 2014. Over the years, its author has implemented many new features to continuously improve Infy malware.

Related media said that in response to the recent mass demonstrations, the Iranian government also tried to shield the Internet by shielding the protests, such as the blockade of messaging services such as Instagram and Telegram.

Source: SecurityAffairs