Hackers targeting energy and aviation
Web security experts point fingers at Iran
A suspected Iranian hacking group has been targeting aviation and energy companies in the United States, Saudi Arabia and South Korea since 2013, computer security company FireEye said in a report released Wednesday.
The group seems largely to have engaged in stealth spying to give Iranian military and corporate interests information about possible enemies and competition. However, the researchers also found signs of a data-destroying program capable of wiping disks, erasing volumes and deleting files.
During its investigation, FireEye found signs of links to malicious software called SHAPESHIFT, which is capable of destroying data within a company’s network. FireEye said it had not directly observed the hackers carry out any destructive operations, but the capability appears to be present.
A hugely destructive cyber attack in 2012 against Saudi Aramco, one of the world’s largest oil companies, erased data on more than 75% of the company’s computers. U.S. officials later blamed Iranian hackers for the attack.
“Nation states are increasingly laying the groundwork for future disruptive and destructive attacks — planting the seeds they can harvest as needed in the future,” said Galina Antova, co-founder of Claroty, a New York-based company that secures industrial control systems. “It is widely believed that those campaigns were laying the groundwork for the possibility of future disruption should political winds lead to the need to do so.”
The group, which FireEye researchers dubbed “APT33,” has shown particular interest in commercial and military aviation companies as well as companies tied to petrochemical production. APT stands for Advanced Persistent Threat.