Security firm Clearsky has discovered that a cyber unit of the Lebanese militant group Hezbollah, known as Lebanese Cedar, has been hacking into unpatched Atlassian and Oracle servers at telecoms and ISPs in the United States, United Kingdom, Israel, and other countries. The company said it identified over 250 such hacked servers.
According to Clearsky, the hackers have been exploiting known vulnerabilities in the systems of these companies to gain access. They appear to be targeting large organizations with high-value data, such as telecommunications firms and ISPs (Internet service providers). So far, there is no evidence that any sensitive data has been compromised.
Lebanese Cedar is believed to be one of Hezbollah’s most sophisticated cyber units. It is thought to have been operating since 2014, but its activities are only now gaining widespread attention.
The group was first identified by security researchers in 2019 when they discovered malicious activity targeting Israeli defense contractors. Since then, it has been linked to several other high-profile attacks on a wide range of targets.
The attacks by Lebanese Cedar are noteworthy due to their scale and sophistication. According to experts, this type of attack requires significant resources in both time and money, for researching and developing malware code as well as for purchasing or renting the hardware infrastructure used to launch its operations.
This suggests that the perpetrators are well-funded and well-organized, likely backed by a state actor like Iran or Syria, and have considerable technical prowess at their disposal.
In addition to exploiting known vulnerabilities in various software systems, Lebanese Cedar also appears to be using phishing techniques such as impersonating legitimate services or websites in order to gain access credentials from unsuspecting users.
Once inside an organization’s network, they can deploy additional tools or malware designed specifically for stealing data or disrupting operations.
Clearsky has urged all companies that use Atlassian or Oracle systems, particularly those with sensitive data, to take immediate steps to secure their networks by patching any known vulnerabilities as soon as possible and monitoring for suspicious activity on the network 24/7.
Companies should also ensure their staff is well trained in identifying potential phishing emails or messages so they don’t accidentally give away access credentials or other sensitive information to attackers posing as legitimate services or websites.
The recent cyberattacks by the Lebanese Cedar unit of Hezbollah are a stark reminder that organizations with sensitive data need to take extra steps to secure their networks.
Companies should patch any known vulnerabilities and monitor for suspicious activity on the network 24/7, as well as ensure staff is trained in identifying potential phishing emails or messages.
By taking these measures, companies can help protect themselves from becoming targets of advanced persistent threats like those being waged by Hezbollah’s sophisticated cyber units.
It is essential now more than ever that businesses remain vigilant when it comes to cybersecurity if they wish to keep their critical infrastructure safe and secure.