APT33 hacking group might be working with Iranian government: FireEye


San Francisco, Sep 21 (IANS): Revealing the operations of Iranian hacking group APT33, US-based cyber security firm FireEye said on Thursday that the cybercriminals, who have targeted the energy and aviation sectors, are likely to have worked with the Iranian government.

APT33 has carried out cyber espionage operations since at least 2013 and has targeted organisations headquartered in the US, Saudi Arabia and South Korea.

APT33's targeting of organisations aligns with nation-state interests, implying that the threat actor is most likely government sponsored.

This, coupled with the timing of operations, which coincides with Iranian working hours, and the use of multiple Iranian hacker tools and name servers, bolsters the assessment that APT33 is likely to have operated on behalf of the Iranian government.

"Iran has repeatedly demonstrated a willingness to globally leverage its cyber espionage capabilities. Its aggressive use of this tool, combined with shifting geopolitics, underscore the danger that APT33 poses to governments and commercial interests in the Middle East and throughout the world," John Hultquist, Director of Cyber Espionage Analysis at FireEye, said in a statement.

"Identifying this group and its destructive capability presents an opportunity for organizations to detect and deal with related threats proactively," added Hultquist.

According to the report, the group has shown particular interest in organisations in the aviation sector involved in both military and commercial capacities, as well as organisations in the energy sector with ties to petrochemical production.

The group sent spear phishing emails to employees whose jobs related to the aviation industry. These emails included recruitment-themed lures and contained links to malicious HTML application files.

From mid-2016 through early 2017, APT33 compromised a US organisation in the aviation sector and targeted a business conglomerate located in Saudi Arabia with aviation holdings.

During the same time period, the group also targeted a South Korean company involved in oil refining and petrochemicals.

In May 2017, APT33 appeared to target a Saudi Arabian organization and a South Korean business conglomerate using a malicious file that attempted to entice victims with job vacancies for a Saudi Arabian petrochemical company.

  
