A state-sponsored threat actor allegedly affiliated with Iran has been linked to a series of targeted attacks aimed at internet service providers (ISPs) and telecommunication operators in Israel, Morocco, Tunisia, and Saudi Arabia, as well as a ministry of foreign affairs (MFA) in Africa, new findings reveal.
The intrusions, staged by a group tracked as Lyceum, are believed to have occurred between July and October 2021, researchers from Accenture Cyber Threat Intelligence (ACTI) group and Prevailion’s Adversarial Counterintelligence Team (PACT) said in a technical report. The names of the victims were not disclosed.
The latest revelations shed light on the web-based infrastructure used by Lyceum, more than 20 pieces of it in all, enabling the identification of “additional victims and provide further visibility into Lyceum’s targeting methodology,” the researchers noted, adding that “at least two of the identified compromises are assessed to be ongoing despite prior public disclosure of indicators of compromise.”