USA TODAY International Edition
Hackers target energy, aviation
Security experts point fingers at Iran
SAN FRANCISCO - A suspected Iranian hacking group has been targeting aviation and energy companies in the United States, Saudi Arabia and South Korea since 2013, computer security company FireEye said in a report released Wednesday.
The group seems largely to have engaged in stealth spying to give Iranian military and corporate interests information about possible enemies and competition. However, the researchers also found signs of a data-destroying program capable of wiping disks, erasing volumes and deleting files.
During its investigation, FireEye found signs of links to malicious software called SHAPESHIFT, which is capable of destroying data within a company’s network. FireEye said it had not directly observed the hackers carry out any destructive operations, but the capability appears to be present.
A hugely destructive cyber attack in 2012 against Saudi Aramco, one of the world’s largest oil companies, erased data on more than 75% of the company’s computers. U.S. officials later blamed Iranian hackers for the attack.
“Nation states are increasingly laying the groundwork for future disruptive and destructive attacks — planting the seeds they can harvest as needed in the future,” said Galina Antova, co-founder of Claroty, a New York-based company that secures industrial control systems. “It is widely believed that those campaigns were laying the groundwork for the possibility of future disruption should political winds lead to the need to do so.”
The group, which FireEye researchers dubbed “APT33,” has shown particular interest in both commercial and military aviation companies as well as energy companies tied to petrochemical production. APT stands for Advanced Persistent Threat, in which attackers gain access to a network and covertly gather information rather than seeking to damage the network or the organization.