Threat Level: green Handler on Duty: Yee Ching Tok

SANS ISC: SANS Daily Network Security Podcast (Stormcast) for Friday, August 28th 2015 SANS Daily Network Security Podcast (Stormcast) for Friday, August 28th 2015


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

ISC StormCast for Friday, August 28th 2015

SANS Daily Network Security Podcast (Stormcast) for Friday, August 28th 2015
00:00

My Next Class

… more classes

Spotify spotify logo

Discussion

There seems to be no conclusive proof this phishing originated from "Iranian attackers".

The article linked by SANS, in turn references a report by the Israeli company Clearskysec, which in turn references a non-existent Google cache entry from Florida's College of Arts (???). See for yourselves at page 14 of http://www.clearskysec.com/wp-content/uploads/2015/06/Thamar-Reservoir-public1.pdf (version as of today 2015-08-28).

The other "intelligence" could have been intentionally spoofed: Iranian IP addresses (botnet?), a blog in Farsi (with an English name), free Iranian hosting service (without its access logs), domain registration details (can be set/changed to anything) and lastly the phone call in Farsi... I don't always send phishing, but when I do, I always phone in my native language disclosing my nationality and leaving a voice fingerprint.

All I ask is that you please label a guess as such.
Posted by Enos on Fri Aug 28 2015, 05:28

New Discussions closed for all Podcasts older than two(2) weeks
Please send your comments to our Contact Form