Iran-linked hacker group targets Turkey’s cyber network

Updated 18 February 2022

  • With rapprochement underway with Israel and Gulf, more malware attacks can be expected, analyst tells Arab News 
  • Tehran uses cyberwarfare as an extension of its foreign and security policies, claims expert 

ANKARA: Iran has escalated its longstanding cyber campaign against Turkey through state-sponsored hackers, who have targeted high-profile governmental and private websites in the country since November 2021.

Experts believe that the upgraded cyber assault is a reaction against Turkey’s attempts to normalize ties with countries such as the UAE, Saudi Arabia and Israel.

MuddyWater, a hacker group linked to Iran’s Ministry of Intelligence and Security, is allegedly behind these cyber attacks, which involve infection vectors such as malicious PDF attachments and Microsoft Office documents embedded in phishing emails.

These malicious documents were titled in the Turkish language so they would present as legitimate texts coming from the Turkish health and interior ministries.

The malware attack was first observed by Cisco Talos Intelligence Group, one of the world’s biggest commercial threat-focused intelligence teams.

The emails sent to the target enterprise contained a link to a compromised website and used the name of the target institution as a parameter in the URL.

As part of a tactic known as a web bug, the links are used to track when the messages are opened by the endpoint.
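
For mail-gateway triage, the pattern described above (a link whose URL parameter carries the recipient institution's name) can be checked mechanically. The following is an added example, not code from the article or from Cisco Talos; the organisation name, addresses, domains and the sample message are constructed placeholders.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl


class _UrlCollector(HTMLParser):
    """Collect URLs from href/src attributes (links and remote images)."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.urls.append(value)


def _normalise(text):
    # Lower-case and drop separators so "Example-Ministry" matches "example ministry".
    return "".join(ch for ch in text.lower() if ch.isalnum())


def find_org_tagged_links(raw_message, org_tokens):
    """Return (url, parameter, value) for every HTML link or image URL
    whose query string contains one of the recipient organisation's names."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    wanted = [_normalise(t) for t in org_tokens]
    hits = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = _UrlCollector()
        collector.feed(part.get_content())
        for url in collector.urls:
            parts = urlsplit(url)
            if parts.scheme not in ("http", "https"):
                continue
            # parse_qsl percent-decodes values, so encoded names are matched too.
            for key, value in parse_qsl(parts.query, keep_blank_values=True):
                if any(tok and tok in _normalise(value) for tok in wanted):
                    hits.append((url, key, value))
    return hits


# Constructed sample message (not a real lure); all names are placeholders.
SAMPLE = (
    b"From: notices@sender.invalid\r\n"
    b"To: staff@example-ministry.invalid\r\n"
    b"Subject: Constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"\r\n"
    b"<html><body><p>Please review the attached circular.</p>"
    b'<a href="https://portal.example.invalid/docs?id=Example-Ministry&amp;lang=tr">Open</a>'
    b'<img src="https://cdn.example.invalid/logo.png?v=3">'
    b"</body></html>\r\n"
)

if __name__ == "__main__":
    for url, key, value in find_org_tagged_links(SAMPLE, ["example ministry"]):
        print(f"recipient-tagged link: {url} ({key}={value})")
```

A hit is a triage signal rather than a verdict, because legitimate bulk-mail tools also embed recipient identifiers in links; it is most useful combined with sender and domain reputation.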

Once initial access to the victim is gained, the hacker group collects sensitive information from the victim’s network.

MuddyWater is known for its attacks against government networks across the US, Europe, the Middle East and South Asia for the last two years, with the aim of conducting cyber-espionage for state interests, deploying ransomware and destructive malware and stealing intellectual property that has high economic value. 

“Iran has become an increasingly capable and sophisticated cyber actor since 2007,” Rich Outzen, a retired colonel in the US Army and senior fellow at the Jamestown Foundation, told Arab News. 

“Up to that time, there were cyber attacks and cyber crime emanating from Iran, but little evidence of state direction,” said Outzen. 

“Starting with the suppression of the Green Movement and Iran’s own experience as a target of cyber attacks on its sanctioned nuclear program, the emergence of an ‘Iranian Cyber Army’ under the guidance of the Islamic Revolutionary Guard Corps has been documented,” he said. 

The group is mainly motivated by geopolitical events and designs its hacking attempts based on long-term strategic goals. 

“Iran now regularly conducts data deletion attacks, Distributed Denial of Service attacks, and industrial disruption attacks against targets in the US, Europe, Israel and the Gulf, as well as against domestic targets in Iran,” Outzen said. 

“The attacks on Turkey have been less frequent, but appear to be increasing in the past two to three years. With the rapprochement underway with Israel and the Gulf, more can be expected,” he said.

Last week, Turkey and Israel jointly foiled an Iran-led assassination attempt on a 75-year-old Israeli-Turkish businessman in Turkey after a lengthy intelligence operation that unveiled an Iranian cell. 

The timing of the assassination attempt coincided with Turkey’s discussions to normalize diplomatic relations with Israel, when President Isaac Herzog was set to visit the country soon.

It also came days before Turkish President Recep Tayyip Erdogan’s planned visit to the UAE to boost ties and develop joint cooperation projects for the region. 

This time, the hacker group’s targets in Turkey included the Scientific and Technological Research Council of Turkey.

“Iran uses cyber warfare as an extension of its foreign and security policies,” Jason M. Brodsky, policy director of United Against Nuclear Iran, told Arab News. 

“Iranian tactics include cyber espionage, cyberattacks and foreign influence operations,” said Brodsky.

“Turkey has long been a target of Iranian cyber activity,” he added. 

“For instance in 2015, some reports traced a large power outage in Turkey to Iran. The US government has alleged that the Mabna Institute, which is an Iranian company that has on occasion contracted with Iranian governmental entities to conduct hacking operations, targeted universities in Turkey,” Brodsky said.

Experts advise institutions in Turkey to assess the cyber threat, apply security updates to all their systems periodically, improve the preparedness of their networks against exposure to malicious activities, and develop up-to-date remote access solutions and web-based email access with multi-factor authentication. 

Earlier this year, US Cyber Command attributed MuddyWater’s activities to the MOIS, and it published some samples of malicious code allegedly used by Iranian hackers to help US allies defend themselves from future intrusion attempts.

According to the US Congressional Research Service, the MOIS “conducts domestic surveillance to identify regime opponents. It also surveils anti-regime activists abroad through its network of agents placed in Iran’s embassies.”

Brodsky said that, in the current context, Iran’s motives can be multifaceted for economic, intelligence and political reasons. 

“Tehran has broadly been trying to extract a price from regional competitors who are in the process of improving or normalizing relationships with Israel, and such an uptick in Turkey would not be surprising,” he said. 

“That is not to mention that the cyber attacks could be related to Ankara’s very public allegations of Iranian intelligence activity in the country, targeting dissidents and recently an Israeli businessman,” he said.

According to Outzen, sanctions against countries that are allegedly behind these attacks are of limited use because the primary cyber actors of concern for the US and its allies — Russia, China and Iran — are already heavily sanctioned. 

 “The cyber collectives carrying out the attacks often operate at the direction of, but not formally as part of, state apparatus,” he said. 

“Sanctions must be combined therefore with both a campaign of public awareness and cyber security practices that make targets harder to strike, and cyber operations by the US and its allies against the sources of the attacks,” he added.

Outzen added that this is an ongoing, low-level cyber war, which Turkey is now a part of. 

“The key is to both protect (their) own assets, and to pose the malicious actors — in this case Iran — escalating costs for engaging in the attacks,” he said. 

Ties between Turkey and Iran have recently fluctuated, with the countries pursuing an intense geopolitical rivalry in Syria’s northwestern Idlib province and northern Iraq, particularly the disputed Sinjar district. 

On Jan. 20, Iran abruptly cut natural gas flow to Turkey and the disruption lasted for about 10 days, undermining operations in factories.


UNRWA in ‘early warning mode’ after shortfall at pledging conference

  • Agency subject to smear campaign that ignores pioneering achievements, its chief tells Arab News
  • UN Relief and Works Agency supports millions of Palestinian refugees in Middle East

UNITED NATIONS: The solution to the chronic underfunding of the UN agency helping Palestinian refugees lies in a “political will” that matches declarations of support for its work, the head of the UN Relief and Works Agency told Arab News.

Philippe Lazzarini’s comments came at a press briefing a day after a pledging conference that raised $160 million from international donors.

This leaves the agency short of $100 million needed to support education for more than half a million Palestinian children, health care services for over 2 million people, and cash assistance for the poorest among them.

The $100 million shortfall is about the same as UNRWA has faced every year for almost a decade.

This year, however, skyrocketing costs mean the agency will not be able to absorb the shortfall through austerity and cost-control measures as “there’s very little left to cut without cutting services,” Lazzarini said, adding that the money should tide UNRWA over until September, but things are up in the air after that.

“We’re in an early warning mode,” he said. “Right now, I’m drawing attention that we’re in a danger zone and we have to avoid a situation where UNRWA is pushed to cross the tipping point, because if we cross the tipping point that means 28,000 teachers, health workers, nurses, doctors, engineers can’t be paid.”

He added that UNRWA has a very strong donor base in Europe, and last year the Biden administration restored funding, reversing former US President Donald Trump’s aid freeze.

But Lazzarini said the overall contribution from the Arab world has dropped to less than 3 percent of the agency’s income.

“What’s also true is that the Arab world and the Gulf countries have always shown great solidarity with Palestinian refugees, and have always been involved in financing the construction of schools and clinics, and whenever there was a humanitarian emergency, to contribute to the humanitarian response,” he added. “This is very important to keep.”

He said the Arab League has been discussing for two years that its contribution to UNRWA should at least amount to 7-8 percent of the agency’s core budget.

“There’s room for increased solidarity, and having the region committed means a lot to the Palestinians,” he added.

The COVID-19 pandemic and the war in Ukraine cast a shadow over the donor conference, where some admitted to financial difficulties and donor fatigue.

“Funding the agency’s services has been put at risk today because of de-prioritization, or maybe increased indifference, or because of domestic politics,” Lazzarini said. “We’ll know better at the end of the year how much it will impact the agency.”

Some donors have already warned UNRWA “that we might not have the traditional top-up at the end of the year, which would be dramatic” for the agency, he added.

UNRWA was established in 1949 following a resolution by the UN General Assembly to carry out relief efforts for the 750,000 Palestinians who were forced from their homes when Israel was established in 1948.

There are now about 6 million Palestinian refugees living in camps in the occupied West Bank, East Jerusalem and Gaza, as well as in Jordan, Syria and Lebanon.

“Today, we have some classrooms with up to 50 kids,” Lazzarini said. “We have a double shift in our schools. We have doctors who can’t spend more than three minutes in medical consultation. So if we go beyond that, it will force the agency to cut services.”

UNRWA’s problem is that “we’re expected to provide government-like services to one of the most destitute communities in the region, but we’re funded like an NGO because we depend completely on voluntary contributions,” he added.

Ahead of Thursday’s donor conference, Gilad Erdan, Israel’s permanent UN representative, had urged countries to stop contributions until UNRWA fires teachers that his country claims support terrorism and killing Jews.

Lazzarini said UNRWA received a letter from Israel’s UN Mission on Friday that he had not read, but all allegations will be investigated and if there is a breach of UN values and misconduct, “we’ll take measures in line with UN policies.”

He added that UNRWA’s detractors are usually civil society organizations that “seek to undermine the agency, usually target lawmakers, and talk about (UNRWA’s) textbooks and education in schools without acknowledging the extraordinary efforts exerted by the agency to ensure quality education in line with UNESCO standards.

“I keep reminding we’re the only ones having reached gender equality, having a proper human rights curriculum in the region, that we’re regularly assessed by third parties.

“The World Bank assessed that we’re high value for money when it comes to education. Children are one year ahead compared to public education in the region.

“We have extraordinary human success stories of kids who have gone to our schools and succeeded at international level.”

He said UNRWA’s operations are among the most heavily scrutinized but “despite that, there’s a smear campaign on issues — which sometimes need indeed to be addressed — but which never acknowledge the efforts being put by the agency.”
 


60,000 students take exams as Lebanon grapples with crises


BEIRUT: On Saturday, 60,933 Lebanese students took their intermediate certificate exams (Brevet) amid severe power cuts, water shortages and inflated transport costs.
However, the security forces provided a peaceful environment inside the exam centers while the Lebanese Army was deployed outside.
The Ministry of Education and Higher Education organized exams around where invigilators live to reduce transport costs. It also ensured that exams were only taken in centers that students and teachers could efficiently access.
Lebanon’s worsening financial crisis and the local currency’s depreciation meant that the ministry faced several challenges for holding the exams.
The ministry canceled the exams last year during the pandemic and struggled to organize them this year amid a teachers’ strike and parents grappling with the high costs of driving their children to centers.
Making matters worse for the students, an unusual end-of-June thunderstorm hit Lebanon on Saturday morning. Given the cloudy weather, the ministry had to plead with private generator owners to provide exam centers with power so students could clearly see their exam sheets.
In some centers in Diniyeh, northern Lebanon, exams were delayed for over two hours due to the power outage and the storm.
The second part of the Brevet exams will be held on Monday; just two days of exams are now required after subjects were reduced to five instead of nine.
The official exams of the Lebanese Baccalaureate Certificate of Secondary Education, which 43,000 students will take, are scheduled to start on Wednesday and last for three days.
A total of 12,000 teachers are supervising the official exams as the official education associations decided not to boycott exams at the last minute despite their demands to raise the allowance.
Imad Al-Ashkar, director general at the ministry, who heads the examining committees, said the suspension of studies as a result of the teachers’ strike and online schooling have been taken into account while setting exam papers.
The ministry has resorted to donors to secure additional funds to pay teachers for supervising and correcting official exams.
The teachers were promised an increase in financial allowances for supervisors and heads of exam centers: 160,000 LBP ($6.34) and 200,000 LBP respectively. They were also promised a $20 daily allowance provided by donor countries.
The currency depreciation means that the supervisor’s allowance is only enough to buy them a sandwich and a soda. Meanwhile, the price of a 20-liter gasoline canister is almost 700,000 LBP.
The struggle of education workers is being replicated by all the Lebanese, who are facing a living crisis that has reached unacceptable limits, as bakeries are running out of bread and water is barely reaching households since the Water Establishment cannot afford diesel to run its pump.
Power cuts are ongoing and more medicines are expected to go missing from pharmacies as subsidies will be lifted on more chronic disease medicines next week.
Traders are taking advantage of the crisis to make illegal profits; the cost of 10 barrels of household water has doubled to 1 million LBP.
Some bakery owners have reported that people in the southern suburb of Beirut are buying all the flour from the mills at a subsidized price before setting up stands near bakeries, selling flour bags at double their price while the security services stand idly by.


Yemen truce suffers blow as Houthis reject UN envoy’s proposal on Taiz

  • The international community’s lenient stance would only encourage the Houthis to refuse to lift their siege of the city
  • “He should push for the implementation of his proposal and name and shame the party that rejected it,” Al-Ajar told Arab News

AL-MUKALLA, Yemen: The Yemeni government’s delegation to peace talks focused on the southwestern city of Taiz demanded on Saturday that the United Nations Special Envoy to Yemen Hans Grundberg denounce the Iran-backed Houthis for rejecting proposals to end the siege of Taiz and threatening to undermine the UN-brokered truce.
Ali Al-Ajar, a member of the government delegation, said the international community’s lenient stance would only encourage the Houthis to refuse to lift their siege of the city, which began in 2015.
“He should push for the implementation of his proposal and name and shame the party that rejected it,” Al-Ajar told Arab News. “His policy of holding the stick from the middle will not lead to any solution.”
Grundberg initially proposed the opening of a main road and four secondary roads around the city during the latest round of talks on Taiz between the government and the Houthis, held in Amman.
The government delegation, which had previously insisted that the Houthis lift their siege of Taiz immediately, accepted the proposal, while the Houthi delegation requested time to discuss it with their leaders in Sanaa.
Grundberg had visited Sanaa and Muscat in an effort to convince the Houthis to accept his proposal and start implementing a key element of the UN-brokered truce that came into effect on April 2.
The Houthis officially rejected Grundberg’s proposal on Taiz on Thursday, proposing as an alternative the “immediate opening” of two of the city’s access roads, one linking Taiz to Sanaa via Aber, Al-Saremen, Al-Demenah and Al-Houban, and the second connecting Taiz to Aden through Al-Sharejah (Lahj), Karesh and Al-Rahedah.
Those roads were described by the government delegation as “unpaved, long, and going through flood courses.” The first road, they said, is “small and rough” and only viable for off-road vehicles, while the second road runs through Houthi-controlled areas.
“For us, the (siege) is better than accepting the Houthi’s proposal. The road is one-way and dusty and would not alleviate the suffering of the people of Taiz. They should open the wide road between Taiz and Al-Houban,” Abdul Basit Al-Baher, a Yemeni military officer in Taiz, told Arab News.
Protesters on Friday congregated near Taiz’s blockaded western and eastern entrances to denounce the Houthi siege and draw international attention to their suffering. “Break Taiz siege,” read one of the posters written in English.
Taiz has been effectively cut off from the rest of the country since the Houthi siege began seven years ago, but the Iran-backed militia has so far failed to seize control of the city thanks to fierce opposition from the army and resistance fighters.


El-Sisi: ‘Terrorism among greatest challenges facing humanity’

Updated 25 June 2022

  • Egyptian president was speaking at BRICS Summit
  • ‘Terrorism violates the basic rights of citizens, foremost of which is the right to life’

CAIRO: “Terrorism remains among the greatest challenges facing humanity,” Egypt’s president said during his speech at a summit in Beijing that brought together Brazil, Russia, India, China and South Africa.

Abdel Fattah El-Sisi praised “the BRICS group’s keenness to adopt a common vision toward political and economic issues of interest to developing countries, especially with regard to exploring prospects for development cooperation and support for development financing.”

He added: “The efforts focused on addressing the repercussions of the current economic crisis should not come at the expense of supporting sustainable development in the least developed and developing countries, countries that still suffer from a lack of development financing.”

El-Sisi said: “Achieving development goals must come in parallel with all international efforts to address traditional and non-traditional challenges, top of which are the issues of terrorism and climate change.”

He added: “The phenomenon of terrorism violates the basic rights of citizens, foremost of which is the right to life, and hinders the efforts of governments toward achieving the economic and social goals of their people.”

He said: “Egypt stresses the need to adopt a comprehensive approach that includes various dimensions to dry up the sources of terrorism and prevent the provision of funding, safe havens and media platforms for terrorist organizations, as well as addressing the economic and social conditions and factors that push some to extremism and joining terrorist groups.”

Egypt previously participated as a guest in the BRICS Summit hosted by China in September 2017.


Turkey re-evaluating death penalty after Erdogan’s wildfires comment — minister

Updated 25 June 2022

  • Capital punishment was struck from the constitution in the early years of Erdogan's rule
  • After a suspected deliberate blaze destroyed 4,500 hectares of Aegean coastal forest, Erdogan said tougher justice was needed

ISTANBUL: Turkey will reconsider a 2004 decision to abolish capital punishment, the justice minister said on Saturday, after President Tayyip Erdogan raised the death penalty in connection with the cause of this week’s wildfires.
Capital punishment was struck from the constitution in the early years of Erdogan’s rule. But after a suspected deliberate blaze destroyed 4,500 hectares (11,119 acres) of Aegean coastal forest, Erdogan said tougher justice was needed.
Authorities have said that a suspect detained in connection with the fire has admitted to causing it. The blaze, in woodland near the resort of Marmaris, has been contained, authorities said on Saturday.
After visiting the scene on Friday, Erdogan said the punishment for burning forests should be “intimidating, and if that’s a death sentence, it’s a death sentence.”
Speaking to reporters in the eastern town of Agri on Saturday, Justice Minister Bekir Bozdag said the president’s comments “are instructions to us.”
“We have started working on it as the ministry,” Bozdag said, adding that the current punishment for starting wildfires was 10 years in prison, rising to a possible life sentence if part of organized crime.
The country’s first big blaze of the summer began on Tuesday and conjured memories of last year’s fires which ravaged 140,000 hectares of countryside, the worst on record.
Interior Minister Suleyman Soylu said on Thursday that the detained suspect had admitted to burning down the forest out of frustration due to family issues.
Local officials told Reuters in recent days that authorities lacked the necessary equipment and personnel for another summer of fires.
On Friday, Forestry Minister Vahit Kirisci said 88 percent of forest fires in Turkey were started by people.