Security firm warns of increased hacking bids in Middle East

The hacking group, called APT33, were sending phishing emails masked as messages from a Middle Eastern oil and gas company.-Alamy Image

Dubai - The firm expects the cyber attacks to continue because of the current geopolitical climate.

Read more...

By Sarwat Nasir

Published: Tue 18 Sep 2018, 8:00 PM

Last updated: Tue 18 Sep 2018, 10:15 PM

An Iranian hacking group has increased their cyber espionage operations against Middle Eastern organisations in retaliation against the recent sanctions that were reimposed on the Iranian government, a new investigation by an intelligence-led security firm has revealed.
FireEye, which has majority of its Middle Eastern clients in Saudi Arabia and the UAE, noticed cyberattacks being launched between July 2 to July 29 and were targeting companies in the energy sector. Recently, the US President Donald Trump also withdrew from the nuclear deal that was signed in 2015.
The hacking group, called APT33, were sending phishing emails masked as messages from a Middle Eastern oil and gas company.
"In July we observed a significant increase in activity from this Iran affiliated APT group. The APT33 operation primarily focused on the energy sector, which has been affected by recent sanctions that were placed on Iran," said Alister Shepherd, the Middle East and Africa director for Mandiant at FireEye.
"The motivation behind the operation is uncertain, but it's possible that the attackers were using spear phishing to facilitate the theft of intellectual property or to subsequently cause disruption in retaliation to the sanctions. It's imperative for companies to ensure they are capable of quickly detecting and responding to these intrusion attempts."
Shepherd said that the phishing emails had increased by 10 folds in this time period. The hackers were using Farsi in the coding and were operating on Iranian time.
The firm is certain that the aim behind the cyberattacks was to "search for strategic intelligence capable of benefiting a government or military sponsor".
"The reality is that when we are looking at the timing, this isn't timing embedded in a piece of software that's been altered, this is us in many instances actively watching the attacker. The days these hackers are working are from Saturday to Wednesday, which fits in with the Iranian week. The reality is that when it happens consistently over time, it's a strong indicator. We also see Farsi language being used," Shepherd said.
Since 2013, the group has targeted military and commercial organisations in the aviation and energy sectors with a main goal of intellectual property theft. APT has previously targeted multiple industries based in the US, Saudi Arabia, Japan and South Korea.
"Malware leveraged by APT in previous operations demonstrate destructive capabilities in addition to credential-theft and data exfiltration," the firm said.
The firm expects the cyber attacks to continue because of the current geopolitical climate.

Who and how they are hacking?

APT33 hacking group were sending phishing emails masked as messages from a Middle Eastern oil and gas company from July 2 to July 29 to the various organisations in the region.
Phishing emails had increased by 10 folds in this time period. The hackers were using Farsi in the coding and were operating on Iranian time.
sarwat@khaleejtimes.com  
 

Sarwat Nasir

Published: Tue 18 Sep 2018, 8:00 PM

Last updated: Tue 18 Sep 2018, 10:15 PM

Recommended for you