An Iranian hacker group identified as “Ballistic Bobcat” (also known as Charming Kitten, TA543, PHOSPHORUS and/or ATP35/42) has managed to break into the networks of at least 32 Israeli companies in addition to two others, the ESET cyber security firm announced Monday.
Ballistic Bobcat was first identified around two years ago, according to ESET.
The hackers used a “backdoor” entry point known as Sponsor to access the companies’ information systems and sought vulnerable Microsoft Exchange servers that were connected to networks.
Adam Berger, the ESET researcher who discovered the Sponsor backdoor and analyzed the group’s current efforts, emphasized that Ballistic Bobcat was using a diverse selection of open-source tools and custom applications to avoid detection by scanning engines.
The Iranian group was not the only one to attack the companies, however; the networks of at least 16 of the companies were also penetrated by a secondary set of attackers, the cyber security firm said.
ESET did not identify the secondary attackers.
The names of the targeted companies were not disclosed. The two non-Israeli companies were located in the United Arab Emirates and in Brazil, according to the announcement.