Iran Ups its Traditional Cyber Espionage Tradecraft
Iran‘s nation-state hacking machine mostly is known for its destructive cyberattacks: first with Web defacements, then crippling distributed-denial-of-service (DDoS) attacks, and most recently, data-wiping. But Iran increasingly is increasingly honing its operations in pure intelligence-gathering cyber espionage.
Cyber spying is nothing new, but over the past few years it has evolved into more of a step one for sophisticated nation-state hackers to know their targets, burrow in them, and ultimately wage more damaging attacks, such as ransomware, financial crime, data leaks/doxing, intellectual property theft – and in the case of some Iranian hacking teams such as the one behind Shamoon, data-wiping.
FireEye’s research group this week officially christened one Iranian hacking team it has been tracking for more than four years, as APT39 – the same group of hackers that Symantec already calls Chafer and CrowdStrike calls Helix Kitten. The hacking group operates as an old-fashioned cyber espionage operation, but with advanced stealthy tactics and tools to meet its intel-gathering objectives.
Benjamin Read, senior manager of cyber espionage analysis at FireEye, says his team spotted APT39 in December of last year waging attacks against the telecommunications, travel, and technology services sectors, in campaigns aimed at gathering information and records on individuals. The attackers likely were rooting around for details on phone calls of specific individuals, as well as their travel plans and patterns in support of a broad Iranian government espionage operation, he says.
APT39, unlike its counterparts in Iran that wage influence-peddling, disruption, or destructive cyberattacks, focuses specifically on the theft of personal information for use in monitoring, tracking, and surveillance operations by the nation. “They’re generally stealing data … in bulk and then processing it” for usefulness and use, he says, adding that FireEye does not have insight into the types of individuals APT39 is after.
“They’re gaining information on the very target itself,” Jon DiMaggio, senior threat intelligence analyst at Symantec, says of APT39/Chafer. “It appears they do have some cooperation with other groups” in the Middle East region, he says. “That region’s groups really play together often, which is one of the big differences in attacks” there, he notes.
Symantec by policy doesn’t identify nation-state hacking teams by country, but rather, by general region.
Read More: Dark Reading
Iran Briefing | News Press Focus on Human Rights Violation by IRGC, Iran Human Rights
Feb 18, 2019 Comments Off on Chinese and Iranian Hackers Renew Their Attacks on U.S. Companies
Feb 18, 2019 Comments Off on Iran is responsible for Yemen’s humanitarian crisis, says Pompeo
Feb 15, 2019 Comments Off on Netanyahu on Reported Attack: Israel ‘Constantly Operating’ Against Iran in Syria
Feb 15, 2019 Comments Off on Warsaw summit: Why Iran is the elephant in the room
Feb 18, 2019 Comments Off on Gantz: I Stand With Netanyahu Against Iran
Feb 18, 2019 Comments Off on U.S. Air Force officer helped Iran wage cyber attack on U.S.
Feb 16, 2019 Comments Off on Mike Pence claims Iran is planning a ‘new Holocaust’ to destroy Israel
Feb 16, 2019 Comments Off on IRAN’S ‘TOXIC MONEY’ PREVENTING ISRAELI-PALESTINIAN PEACE- BAHRAINI FM
Feb 18, 2019 Comments Off on Chinese and Iranian Hackers Renew Their Attacks on U.S. CompaniesChinese and Iranian Hackers Renew Their Attacks on U.S. Companies Chinese and Iranian Hackers Renew Their Attacks on U.S. Companies Businesses and government agencies in the United States have been targeted in...
Feb 18, 2019 Comments Off on Gantz: I Stand With Netanyahu Against IranGantz: I Stand With Netanyahu Against Iran Gantz: I Stand With Netanyahu Against Iran Benny Gantz, Hosen L’Yisrael chairman and prime ministerial hopeful, said Sunday that he backs Prime Minister Benjamin...
Jul 14, 2016 Comments Off on Corps’ one hundred thousand of triggered missiles in Lebanon:An official Israel-threatening by CorpsIran Briefing: Since August 7, 1979, when Ayatollah Khomeini declared the last Friday of Ramadhan as “Quds Day”, the Islamic Republic has always tried to hold an imposing ceremony by using state resources as well as requiring people’s involvement. This year’s Quds march had fundamental...