Cybersecurity Expert: Iranian Hacking is a “Coordinated, Probably Military, Endeavor”

On the heels of a report this week documenting Iran’s increasingly aggressive hacking attacks around the globe, a cybersecurity expert assessed that the advanced nature of the attacks suggests a “coordinated, probably military, endeavor,” CyberScoop, an online industry news site, reported Thursday.

A report released this week by FireEye, a cybersecurity firm, noted increased and increasingly advanced cyber-espionage efforts by groups that have been tied to Iran and to the nation’s Islamic Revolutionary Guard Corps (IRGC). Groups believed to be Iranian have utilized “spearphishing emails, strategic web compromises and breached social media accounts distributing malware” in order to steal commercial secrets and intercept personal communications.

In the report, FireEye CEO Kevin Mandia wrote that it no longer seemed that Russia and China were the source of most hacking attempts, but “that the majority of the actors we’re responding to right now are hosted in Iran, and they are state-sponsored.”

“We saw some noticeable advances in their techniques and tools, like coding changes made to Shamoon [destructive malware],” said Adam Meyers, vice president of intelligence for CrowdStrike. “And that showed I think that what was happening in Saudi Arabia was concentrated. This wasn’t some script kiddie trying to steal documents … it was a coordinated, probably military, endeavor,” he added.

CrowdStrike, like FireEye, has also reported that Iran-backed hacking activities have increased dramatically this year.

ClearSky, an Israeli cybersecurity firm, recently reported that Charming Kitty, an Iran-backed group, was using cyber-attacks to find out information about Iranian dissidents.

Another U.S. cybersecurity firm, Area 1 Security, reported that it too has “observed a considerable increase in Iranian targeting operations,” according to one of its founders, Blake Darché.

The increase in the number and sophistication of Iranian hacking attacks, according to Darché, reflects the government’s role in encouraging these attacks. “Iran spends considerable time in the early kill chain, gathering valuable targeting information against their potential victims for their phishing campaigns,” Darché said.

But because the hackers are good at hiding their identities, it is difficult to assess the full scope of the Iranian hacking threat.

“In 2017, Iran really started acting at scale, and I think to myself, ‘Just how big is that scale?’ We don’t know if we are seeing five percent of Iran’s activities, or 90 percent – although I’m guessing it’s closer to five percent,” Mandia, FireEye’s CEO, wrote in the company’s report.