Ansar Group (iran) helped monitor and surveil lebanon.
leaks from #oplebanon by @GhostSec__ , show Ansar Group, hacked and maintained a live backdoor connection to lebanese institutions (check thread). They used a tool, nicknamed Scarecrow @MITREcorp @EFF @Lookout #OpLebanon
leaks from #oplebanon by @GhostSec__ , show Ansar Group, hacked and maintained a live backdoor connection to lebanese institutions (check thread). They used a tool, nicknamed Scarecrow @MITREcorp @EFF @Lookout #OpLebanon
Some victims list:
beirut airport beirutairport.gov.lb
national mail company libanpost.com
Fidelity insurance fidelity.com.lb
Medgulf insurance medgulf.com.lb
Triplec Computer Consultants triplec.com.lb
Teletrade teletrade.com.lb
beirut airport beirutairport.gov.lb
national mail company libanpost.com
Fidelity insurance fidelity.com.lb
Medgulf insurance medgulf.com.lb
Triplec Computer Consultants triplec.com.lb
Teletrade teletrade.com.lb
and Manar University of Tripoli (now City university) mut.edu.lb
The access is significant not just because it let them monitor airport traffic and access to personal records but it was also probably used to launch lateral attacks on other leb gov sites. #OpLebanon
The access is significant not just because it let them monitor airport traffic and access to personal records but it was also probably used to launch lateral attacks on other leb gov sites. #OpLebanon
Scarecrow appears to be a light malware deception engine, first mentioned in a recent research paper by IBM (May 2020) gzs715.github.io/pubs/SCARECROW…
It is possible Ansar got hold of the tool and reprogrammed parts of it. #oplebanon
@EFF @Lookout @IBMResearch @GhostSec__ @RoninNakamoto
It is possible Ansar got hold of the tool and reprogrammed parts of it. #oplebanon
@EFF @Lookout @IBMResearch @GhostSec__ @RoninNakamoto
