TTPwire Vol. 1 · MITRE ATT&CK·Tagged

GBHackers

Iran-Linked Hackers Target Oman Ministries in Webshell and Data Theft Campaign

Mayura Kathir · 2 hours ago

ATT&CK techniques detected

4 predictions
T1190 Exploit Public-Facing Application · 97%
“focused on vulnerable exchange endpoints, while a separate evisa _ cookies. txt file indicates successful credential - based access to the evisa portal despite no confirmed proxyshell compromise. by april 10, a second directory on port 8002 revealed a matured operator workspace w…”
T1583.001 Domains · 77%
“##eh, an amsterdam - based persian - language media organization serving those in iran and beyond seeking alternative journalism. listener ports covered ssh, multiple reverse shells, chisel, registry exfiltration, and socks5 tunneling, while a catch - all post handler logged all …”
T1566.002 Spearphishing Link · 60%
“iran - linked hackers target oman ministries in webshell and data theft campaign iran - linked operators have mounted a broad espionage operation against multiple omani ministries, abusing exposed webshells, sql escalation scripts, and a poorly secured c2 server to steal judicial…”
T1204.001 Malicious Link · 55%
“e. g., [. ] ) to prevent accidental resolution or hyperlinking. re - fang only within controlled threat intelligence platforms such as misp, virustotal, or your siem. follow us on google news, linkedin, and x to get instant updates and set gbh as a preferred source in google.”

Summary

Iran-linked operators have mounted a broad espionage operation against multiple Omani ministries, abusing exposed webshells, SQL escalation scripts, and a poorly secured C2 server to steal judicial and identity data at scale. The attacker’s own open directory strongly suggests a Ministry of Intelligence and Security (MOIS) nexus compromised a mailbox, but there are not enough unique […]

The post Iran-Linked Hackers Target Oman Ministries in Webshell and Data Theft Campaign appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.