Iranian Hackers Tied to Malware Attacks on Aviation, Energy Firms
By Andrew Blake
Published: September 22, 2017
Hackers likely working on behalf of the Iranian government have targeted the aviation and petrochemical industries in the U.S., Saudi Arabia and South Korea since 2013, American cybersecurity firm FireEye said Wednesday.

The hacking group, known as APT33 (APT stands for "advanced persistent threat"), has targeted several aviation and energy companies in the U.S. and abroad within the last few years in an effort to conduct cyber espionage operations at the behest of the Iranian government, FireEye said in a report.

"APT33's targeting of organizations involved in aerospace and energy most closely aligns with nation-state interests, implying that the threat actor is most likely government sponsored," the report said. "This coupled with the timing of operations -- which coincides with Iranian working hours -- and the use of multiple Iranian hacker tools and name servers bolsters our assessment that APT33 may have operated on behalf of the Iranian government."

In some instances the hackers sent recruitment-themed emails to aviation industry employees containing files designed to infect victims' computers upon being opened, occasionally launching their attacks from web addresses mimicking the names of companies including Boeing, Alsalam Aircraft Company and Northrop Grumman, FireEye said.

The hackers managed to go undetected for "four to six months" at a time, The New York Times reported, exfiltrating data while infecting targeted systems with malware capable of wiping disks and deleting files, according to FireEye.

"Based on observed targeting, we believe APT33 engages in strategic espionage by targeting geographically diverse organizations across multiple industries. Specifically, the targeting of organizations in the aerospace and energy sectors indicates that the threat group is likely in search of strategic intelligence capable of benefitting a government or military sponsor," the report said. "We expect APT33 activity will continue to cover a broad scope of targeted entities, and may spread into other regions and sectors as Iranian interests dictate."

The Iranian government did not immediately comment publicly on the report, but FireEye executives say they've uncovered evidence that all but implicates Tehran.

"Iranian fingerprints are all over this campaign, and government fingerprints in particular," John Hultquist, FireEye's director of cyber espionage analysis, told Reuters. "Right now we are seeing a lot of activity that seems to be classic cyber espionage."

James Clapper, the former U.S. National Intelligence director, said in 2015 that Iran has "lesser technical capabilities but possibly more disruptive intent" than Chinese and Russian state-sponsored hackers, though the State Department's Overseas Security Advisory Council concluded the following year that Tehran is "rapidly improving its cyber warfare capabilities."

Iranian hackers have previously been blamed for unleashing Shamoon, a computer virus that infiltrated Saudi Arabian Oil Co. in 2012 and Saudi government computers in late 2016.

The U.S., for its part, reportedly worked with Israeli counterparts to develop Stuxnet, a debilitating worm blamed for breaking thousands of centrifuges after being unleashed in 2011 against Iran's contested nuclear program.

© 2017 Washington Times under contract with NewsEdge/Acquire Media. All rights reserved.