Iranian cyber-threat groups make up for lack of technical sophistication with social engineering trickery

Iranian state-sponsored threat actors are often perceived to be unsophisticated, but security experts quizzed by The Daily Swig warned it would be unwise to underestimate the danger the country poses in cyberspace.

The main objectives of Iranian state-sponsored espionage are to target organizations in multiple industries across the world and dissidents or those tagged as enemies of Iran.

How do Iranian threat actors compare to groups elsewhere in the world?

Nation state-backed Iranian hackers are generally considered to be less advanced than their well-resourced counterparts in Russia or China.

Iranian attackers may rarely exploit zero-day vulnerabilities, but what they lack in technical sophistication they make up for in social engineering trickery.

For example, they are known to invest considerable effort in developing more elaborate social engineering personas on LinkedIn and elsewhere in order to persuade potentially suspicious targets to open malicious links or attachments.

Cyber operations attributed to Iran display a wide range of skill levels, according to threat intelligence experts.

Emiel Haeghebaert, associate analyst at Mandiant Threat Intelligence, commented:

On the lower end of the skills spectrum, Iran has a large community of hackers active on underground forums. Some of their members engage in politically motivated, disruptive operations such as distributed denial of service attacks, generally considered to be rather unsophisticated, against Iran’s adversaries in the Middle East.

Meanwhile, mid-level operators target the Iranian diaspora and conduct surveillance of internal opposition groups.

“These operations typically rely on social engineering through spear-phishing or SMS messages, and generally follow a predictable pattern of tactics, techniques, and procedures [TTPs],” according to Haeghebaert.

Read the complete article at: The Daily Swig
