Iranian-sponsored hackers using off-the-shelf technology have compromised the U.S. aerospace sector, according to a new report from cybersecurity firm FireEye.
The hacking collective, dubbed APT33 by FireEye, was also said to target other sectors including energy and aviation across Saudi Arabia and South Korea. Cybersecurity experts with the firm said the hacking attacks were espionage-driven and focused primarily on stealing sensitive information. FireEye’s report is here.
That said, the hacking group also has ties to a more destructive piece of malware designed to wipe computers, which has led to concerns that the group may launch more destructive and aggressive attacks in the future.
“It’s the early warning for actors that tomorrow may become more aggressive and shift from a classic intelligence role to an attack role,” FireEye analyst John Hultquist said.
According to the report, APT33 sent hundreds of phishing emails to targets in 2016 using a publicly available tool called ALFASHELL. The emails were convincingly passed off as job-recruitment ads, referencing specific job opportunities and salaries, the report adds.
More from The Daily Beast:
The hackers, however, included links to fake company websites, and registered a slew of domains designed to look like sites for companies including Boeing and Northrop Grumman Aviation Arabia. In its report, FireEye points out that several of these companies are involved in developing military and aviation products in Saudi Arabia.
These targets are in line with what a state-sponsored hacking group may be interested in pursuing.
Iranian hackers have attempted to infiltrate U.S.-based systems and infrastructure in the past.
While this incident doesn’t appear to qualify, the Pentagon has said it could consider legitimate cyber attacks an act of war.
Why it’s on our radar: Information in this article helps satisfy Priority Intelligence Requirement 4: What are the latest indicators of a new war in the Middle East?