Cybersecurity firm: More Iran hacks as US sanctions loomed


By JON GAMBRELL, AP
DUBAI, United Arab Emirates



While the firm FireEye says the so-called “spear-phishing” email campaign only involves hackers stealing information from infected computers, it involves a similar type of malware previously used to inject a program that destroyed tens of thousands of terminals in Saudi Arabia.

The firm warns that raises the danger level ahead of America re-imposing crushing sanctions on Iran’s oil industry in early November.

“Whenever we see Iranian threat groups active in this region, particularly in line with geopolitical events, we have to be concerned they might either be engaged in or pre-positioning for a disruptive attack,” Alister Shepherd, a director for a FireEye subsidiary, told The Associated Press.

Iran’s mission to the United Nations rejected FireEye’s report, calling it “categorically false.”

“Iran’s cyber capabilities are purely defensive, and these claims made by private firms are a form of false advertising designed to attract clients,” the mission said in a statement. “They should not be taken at face value.”

FireEye, which often works with governments and large corporations, refers to the group of Iranian hackers as APT33, an acronym for “advanced persistent threat.” APT33 used phishing email attacks with fake job opportunities to gain access to the companies affected, faking domain names to make the messages look legitimate. Analysts described the emails as “spear-phishing” as they appear targeted in nature.

FireEye first discussed the group last year around the same time. This year, the company briefed journalists after offering presentations to potential government clients in Dubai at a luxury hotel and yacht club on the man-made, sea-horse-shaped Daria Island.

While acknowledging their sales pitch, FireEye warned of the danger such Iranian government-aligned hacking groups pose. Iran is believed to be behind the spread of Shamoon in 2012, which hit Saudi Arabian Oil Co. and Qatari natural gas producer RasGas. The virus deleted hard drives and then displayed a picture of a burning American flag on computer screens. Saudi Aramco ultimately shut down its network and destroyed over 30,000 computers.

A second version of Shamoon raced through Saudi government computers in late 2016, this time making the destroyed computers display a photograph of the body of 3-year-old Syrian boy Aylan Kurdi, who drowned fleeing his country’s civil war.

But Iran first found itself as a victim of a cyberattack. Iran developed its cyber capabilities in 2011 after the Stuxnet computer virus destroyed thousands of centrifuges involved in Iran’s contested nuclear program. Stuxnet is widely believed to be an American and Israeli creation.

APT33′s emails haven’t been destructive. However, from July 2 through July 29, FireEye saw “a by-factors-of-10 increase” in the number of emails the group sent targeting their clients, Shepherd said. The actual number of attacks likely was even larger as FireEye’s figures only include their own clients.

The emails, pretending to be from a Mideast oil and gas company, targeted organizations in the Mideast, North America and Japan. The recipients included companies involved in the oil and gas industry, utilities, insurance, manufacturing and education, FireEye said.

Several clues lead FireEye to believe APT33 has the backing of Iran’s government. The hackers uses Farsi, work an Iranian workweek of Saturday through Wednesday and correspond during Iranian office hours, FireEye said. Its list of targets also includes American firms in petrochemicals and aviation, as well as allied nations, like members of the six-nation Gulf Cooperation Council, Shepherd said. The GCC encompasses Bahrain, Kuwait, Oman, Qatar, Saudi Arabia and the United Arab Emirates.

“Since we started tracking APT33 in 2013, their sophistication has definitely improved. . We wouldn’t put them on the same level as some of the more-sophisticated Russian groups, for instance, in terms of capability,” Shepherd told the AP. “But they are a very capable group and they manage to meet their objectives, which is to compromise institutions in both the government and private sector and steal data.”

___

Follow Jon Gambrell on Twitter at http://www.twitter.com/jongambrellap . His work can be found at http://apne.ws/2galNpz .

COMMENTS





Name

Business,743,Careers & Education,3,Investing,14,Markets,10,Money,4,Personal Finance,4,Real Estate,4,Small Business,15,
ltr
item
Business - U.S. Daily News: Cybersecurity firm: More Iran hacks as US sanctions loomed
Cybersecurity firm: More Iran hacks as US sanctions loomed
https://1.bp.blogspot.com/-QSdROPxR1OA/W6Hi6mj0QdI/AAAAAAAA_Xo/FXihRkkOvsUTk8obxoCRQ0FcH2zglSSxQCEwYBhgL/s1600/4.jpg
https://1.bp.blogspot.com/-QSdROPxR1OA/W6Hi6mj0QdI/AAAAAAAA_Xo/FXihRkkOvsUTk8obxoCRQ0FcH2zglSSxQCEwYBhgL/s72-c/4.jpg
Business - U.S. Daily News
https://business.dailynews.us.com/2018/09/cybersecurity-firm-more-iran-hacks-as.html
https://business.dailynews.us.com/
https://business.dailynews.us.com/
https://business.dailynews.us.com/2018/09/cybersecurity-firm-more-iran-hacks-as.html
true
8288295252483019008
UTF-8
Loaded All Posts Not found any posts VIEW ALL Read More Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy