Search This Blog

Iranian hackers target US, Saudi aviation sector

A cyber espionage group suspected of working in Iran for its government is targeting the aviation and energy industries in Saudi Arabia, the US and South Korea.
(pc-Google images)
A cyber espionage group suspected of working in Iran for its government is targeting the aviation and energy industries in Saudi Arabia, the US and South Korea.

According to US security firm FireEye, the hacking group that it calls Advanced Persistent Threat 33 (or APT33) has been targeting critical infrastructure, energy and military sectors since at least 2013 as part of a massive cyber-espionage operation to gather intelligence and steal trade secrets.

The report added, "We assess the targeting of multiple companies with aviation-related partnerships to Saudi Arabia indicates that APT33 may possibly be looking to gain insights on Saudi Arabia's military aviation capabilities to enhance Iran's domestic aviation capabilities."

The report by FireEye also said the suspected Iranian hackers left behind a new type of malware that could have been used to destroy the computers it infected, an echo of two other Iran-attributed cyberattacks targeting Saudi Arabia in 2012 and 2016 that destroyed systems.

 APT33 targets organisations by sending spear phishing emails with malicious HTML links to infect targets' computers with malware. The malware used by the espionage group includes DROPSHOT (dropper), SHAPESHIFT (wiper) and TURNEDUP (custom backdoor, which is the final payload).
Share it: