Security firm warns of Iranian hacking bids
“The motivation behind the operation is uncertain. But it’s possible that the attackers were using spear phishing to facilitate the theft of intellectual property.”
Alister Shepherd, official, FireEye
Dubai — An Iranian hacking group has increased its cyber espionage operations against Middle Eastern organisations in retaliation for the recent sanctions that were reimposed on the Iranian government, a new investigation by an intelligence-led security firm has revealed.
FireEye, which has the majority of its Middle Eastern clients in Saudi Arabia and the UAE, noticed cyberattacks that were launched between July 2 and July 29 and targeted companies in the energy sector. Recently, US President Donald Trump also withdrew from the nuclear deal that was signed in 2015.
The hacking group, called APT33, was sending phishing emails disguised as messages from a Middle Eastern oil and gas company. “In July we observed a significant increase in activity from this Iran-affiliated APT group. The APT33 operation primarily focused on the energy sector, which has been affected by recent sanctions that were placed on Iran,” said Alister Shepherd, the Middle East and Africa director for Mandiant at FireEye. “The motivation behind the operation is uncertain, but it’s possible that the attackers were using spear phishing to facilitate the theft of intellectual property or to subsequently cause disruption in retaliation to the sanctions. It’s imperative for companies to ensure they are capable of quickly detecting and responding to these intrusion attempts.”
The firm is certain that the aim behind the cyberattacks was to “search for strategic intelligence capable of benefiting a government or military sponsor”.
“The reality is that when we are looking at the timing, this isn’t timing embedded in a piece of software that’s been altered, this is us in many instances actively watching the attacker. The days these hackers are working from Saturday to Wednesday, which fits in with the Iranian week. The reality is that when it happens consistently over time, it’s a strong indicator. We also see Farsi language being used,” Shepherd said.
The firm expects the cyberattacks to continue because of the current geopolitical climate.
Since 2013, the group has targeted military and commercial organisations in the aviation and energy sectors with the main goal of intellectual property theft. APT33 has previously targeted industries based in the US, Saudi Arabia, Japan and South Korea.