Iranian Hackers Tied to Malware Attacks on Aviation, Energy Firms

Hackers likely working on behalf of the Iranian government have targeted the aviation and petrochemical industries in the U.S., Saudi Arabia and South Korea since 2013, American cybersecurity firm FireEye said Wednesday.

Known as APT33 (APT being short for "advanced persistent threat"), the group has targeted several aviation and energy companies in the U.S. and abroad within the last few years in an effort to conduct cyber espionage operations at the behest of the Iranian government, FireEye said in a report.

"APT33's targeting of organizations involved in aerospace and energy most closely aligns with nation-state interests, implying that the threat actor is most likely government sponsored," the report said. "This coupled with the timing of operations -- which coincides with Iranian working hours -- and the use of multiple Iranian hacker tools and name servers bolsters our assessment that APT33 may have operated on behalf of the Iranian government."

In some instances the hackers sent recruitment-themed emails to aviation industry employees with attached files designed to infect the recipients' computers when opened; the emails were sometimes sent from domains mimicking the names of companies including Boeing, Alsalam Aircraft Company and Northrop Grumman, FireEye said.

The hackers managed to go undetected for "four to six months" at a time, The New York Times reported, exfiltrating data while infecting targeted systems with malware capable of wiping disks and deleting files, according to FireEye.

"Based on observed targeting, we believe APT33 engages in strategic espionage by targeting geographically diverse organizations across multiple industries. Specifically, the targeting of organizations in the aerospace and energy sectors indicates that the threat group is likely in search of strategic intelligence capable of benefitting a government or military sponsor," the report said. "We expect APT33 activity will continue to cover a broad scope of targeted entities, and may spread into other regions and sectors...
