Hackers target supporters of Iran protests in new espionage campaign
Hackers are running a cyberespionage campaign against people who support Iran's anti-government protests. They took advantage of the internet blackout to spread malicious files disguised as protest videos and reports, which install a new malware strain named CRESCENTHARVEST. The malware can remotely control devices and steal sensitive information. Researchers suspect the attackers may be linked to Iran.

2026-2-17 14:46:2 Author: therecord.media

Hackers believed to be aligned with Tehran are targeting supporters of Iran’s anti-government protests in a new cyberespionage campaign, researchers have found.

The campaign, discovered by Swiss cybersecurity firm Acronis, began in early January, shortly after mass nationwide demonstrations erupted across Iran calling for an end to the Islamic Republic system.

Researchers said the attackers likely took advantage of a spike in demand for information after authorities imposed sweeping internet blackouts across the country to limit coverage of the unrest.

The threat actor distributed malicious files bundled with authentic protest footage and a Farsi-language report described as providing updates from “the rebellious cities of Iran.” Two files in the archive, disguised as a video and an image, delivered a previously undocumented malware strain that researchers dubbed CRESCENTHARVEST.

The malware functions as both a remote access trojan and an information stealer. It is capable of executing commands, logging keystrokes and extracting sensitive data, including saved credentials, browsing history, cookies and Telegram account information.

It can also detect installed antivirus software, allowing it to adjust its behavior — becoming more aggressive on poorly protected systems or minimizing activity to avoid detection.

While the group behind the campaign has not been identified, Acronis said the attackers’ code, infrastructure and methods suggest links to an Iranian-aligned threat actor.

“Amid ongoing political turmoil, this campaign appears specifically crafted to target Farsi-speaking Iranians sympathetic to the protests, though activists, journalists, and others seeking reliable information from within Iran may also be at risk,” researchers said.

Given the ongoing internet blackout in Iran, the campaign is more likely aimed at Iranians abroad or their supporters rather than domestic targets, they added.

The initial infection method remains unclear, though researchers assess that the campaign likely began with spear-phishing or prolonged social engineering efforts designed to build trust before delivering the malicious files.



Source: https://therecord.media/hackers-target-iran-protest-supporters-cyber-campaign