Newly emergent threat actor Abraham Ax has been associated with Iranian state-sponsored operation Moses Staff, also known as Cobalt Sapling, according to The Hacker News.
Similarities in the iconography, videography, and leak sites of Abraham Ax and Moses Staff indicate that a single entity has been running both operations, a Secureworks Counter Threat Unit report found. Saudi Arabian government ministries have been targeted by both Abraham Ax and Moses Staff, suggesting that the attacks may have been motivated by the improving relationship between Israel and Arab nations.
"Iran has a history of using proxy groups and manufactured personas to target regional and international adversaries. Over the last couple of years an increasing number of criminal and hacktivist group personas have emerged to target perceived enemies of Iran while providing plausible deniability to the Government of Iran regarding association or responsibility for these attacks. This trend is likely to continue," said Secureworks Principal Researcher Rafe Pilling.
Forty-five malicious NPM and PyPI packages have been deployed by threat actors to facilitate extensive data theft operations as part of a campaign that commenced on Sept. 12, according to BleepingComputer.
Sixty thousand emails from U.S. State Department accounts were exfiltrated by Chinese threat actors during the widespread compromise of Microsoft email accounts that commenced in May, a staffer working for Sen. Eric Schmitt, R-Mo., said, according to Reuters.