Cybersecurity experts have revealed that hackers affiliated with Iran launched a series of cyberattacks, compromising a total of 34 entities across three countries.
The attacks, carried out between March 2021 and June 2022 by the state-sponsored hacking group known as Charming Kitten, primarily focused on Israel but also affected Brazilian and Emirati organizations.
According to a report released by cybersecurity firm ESET, the cyber operations were executed using a specific backdoor malware called Sponsor. The hacking group exploited a software vulnerability in Microsoft Exchange servers to gain access to its targets, delivering the malware to the victims' technical infrastructure.
The malware enables hackers to execute their commands on the compromised servers of the targeted companies and steal sensitive information.
Companies in various sectors, including financial services, engineering, manufacturing, technology, law, telecommunications, and more, were among the victims of the regime-backed hackers. A healthcare company in Brazil also fell victim to the attacks.
No specific information has been provided about the Emirati organization targeted.
Researchers from ESET have emphasized that the companies were targeted due to their failure to update their software infrastructure.
The incident followed warnings issued in 2021 by several cybersecurity organizations in the United States, the United Kingdom, and Australia about the potential threat of Iranian regime hackers exploiting vulnerabilities in Microsoft Exchange servers.