資訊：伊朗APT對以色列發(fā)起間諜活動(dòng)

Iran APTs Tag Team Espionage, Wiper Attacks Against Israel & Albania
伊朗 APT 聯(lián)合對以色列和阿爾巴尼亞進(jìn)行間諜活動(dòng)和 Wiper 攻擊

Iranian state-backed threat actors have been working closely to spy on, and then wreak havoc against, major organizations in Albania and Israel.
伊朗國家支持的威脅行為者一直在密切合作，監(jiān)視阿爾巴尼亞和以色列的主要組織，然后對其造成嚴(yán)重破壞。

First, Scarred Manticore does the spying. Its clever, fileless Liontail malware framework allows it to quietly perform email data exfiltration, often for well over a year's time.
首先，疤痕蝎獅進(jìn)行間諜活動(dòng)。 其巧妙的無文件 Liontail 惡意軟件框架使其能夠悄悄地執(zhí)行電子郵件數(shù)據(jù)泄露，通常持續(xù)一年多的時(shí)間。

Then, says Sergey Shykevich, threat intelligence group manager at Check Point, "When there is some escalation, like with Mojahedin-e-Khalq (MEK) in Albania or with the war in Israel, there's some decisionmaker in the government that decides, 'Let's go burn our cyber access for espionage and instead do influence and destructive operations.' And then they pass it to the other actor, focused on the same organization."
然后，Check Point 威脅情報(bào)小組經(jīng)理謝爾蓋·什克維奇 (Sergey Shykevich) 表示，“當(dāng)事態(tài)升級時(shí)，比如阿爾巴尼亞的人民圣戰(zhàn)組織 (MEK) 或以色列的戰(zhàn)爭，政府中的一些決策者會決定，” 讓我們?yōu)殚g諜活動(dòng)而銷毀我們的網(wǎng)絡(luò)訪問權(quán)限，轉(zhuǎn)而進(jìn)行影響和破壞性行動(dòng)。” 然后他們將其傳遞給另一個(gè)參與者，專注于同一組織。”

Other Void Manticore wipers target the partition table — the part of the host system responsible for mapping out where files are located on the disk. By ruining the partition table, the data on the disk remains untouched yet inaccessible.
其他 Void Manticore 擦除器的目標(biāo)是分區(qū)表——主機(jī)系統(tǒng)的一部分，負(fù)責(zé)映射文件在磁盤上的位置。 通過破壞分區(qū)表，磁盤上的數(shù)據(jù)保持不變但無法訪問。