Reuters | By: Eric Auchard | September 20, 2017:
Hackers likely linked to Iran’s government are behind attacks on Saudi and other Western aerospace and petrochemical firms, signaling a rise in Iranian cyber-spying prowess, U.S. security firm FireEye Inc. said Wednesday.
A FireEye report dubbed the new hackers group APT33 and detailed evidence of its activities since 2013 in seeking to steal military and aerospace secrets, while also gearing up for attacks with potential to bring down entire computer networks.
Iran’s elite Islamic Revolutionary Guard Corps was not immediately available for comment when contacted by phone by Reuters at the end of the country’s working week.
FireEye identified APT33 after it was called in to conduct forensic investigations into cyber attacks on a U.S. aviation organization, a Saudi business conglomerate with aviation holdings, and a South Korean group with interests in oil refining and petrochemicals. FireEye declined to name the firms.
In a separate but related move last week, the U.S. Treasury Department named two Iran-based hacking networks and eight individuals to a U.S. sanctions list, accusing them of taking part in cyber-enabled attacks on the U.S. financial system.
FireEye said APT33 was the first state-backed group from Iran to join a list it has compiled over the past decade that identifies campaigns by Chinese, Russian and North Korean cyber spies. APT stands for “Advanced Persistent Threat.”
“Iranian fingerprints are all over this campaign, and government fingerprints in particular,” John Hultquist, FireEye’s director of cyber espionage analysis, told Reuters in an interview. “Right now we are seeing a lot of activity that seems to be classic cyber espionage.”
To read full article – please click here.
