An Iranian government-backed hacking group has been targeting American and other international businesses over the last few years, according to a report released by private cyber security researchers at FireEye.
The hackers, dubbed APT33 by the security research firm, appear to be engaged in a form of industrial cyber espionage on regional and strategic competitors in the aviation and petrochemical fields.
In their research on APT33, the researchers noted a number of characteristics consistent with other Iranian hacking groups, including a Saturday through Wednesday work week and identifying links to a known Iranian government software engineer. While the report says no actual destructive operations were undertaken against targeted companies, the researchers do suspect APT33 likely possesses the capability.
“Their targeting of multiple holding companies and organizations in the energy sectors align with Iranian national priorities for growth, especially as it relates to increasing petrochemical production,” the report reads. “We expect APT33 activity will continue to cover a broad scope of targeted entities, and may spread into other regions and sectors as Iranian interests dictate.”
The American company has not been identified, but is reportedly an aerospace organization that was compromised from mid-2016 to early 2017. The hackers spear phished targeted employees with messages that “included recruitment themed lures and contained links to malicious HTML application (.hta) files.”
Other targets included South Korean and Saudi Arabian companies.
“We assess the targeting of multiple companies with aviation-related partnerships to Saudi Arabia indicates that APT33 may possibly be looking to gain insights on Saudi Arabia’s military aviation capabilities to enhance Iran’s domestic aviation capabilities or to support Iran’s military and strategic decision making vis a vis Saudi Arabia,”
The U.S. intelligence community has consistently identified Iran as a major cyber security threat, saying it will continue to leverage technological espionage and covert activities to subvert regional threats like Saudi Arabia and undermine U.S. interests in the region as well.