Security researchers have noted a rise in the sophistication of digital attacks stemming from Iran, after incidents involving US defence and dissidents within and outside the country.
In particular, a group known as the Ajax Security Team has been carrying out website defacements since 2010, but has moved to malware-based attacks in recent months.
Looking at the command and control infrastructure for malware samples that were disguised as anti-censorship tools, FireEye researchers found 77 victims. Most appear to have been based in Iran itself.
Typical social engineering tactics have been used by the Ajax team. In one case, a fake page for the 2014 the IEEE Aerospace Conference was set up as a lure to trick targets into installing malware.
Convincing password phishing pages have been created by the hacking crew too, including fake Outlook Web Access and VPN login sites.
The hackers are using their own malware, written in .NET, which they’ve named “Stealer”. It collects system information, takes screenshots, carries out keylogging and pilfers usernames and passwords.
Iran has been growing its cyber capability since the Iranian Cyber Army emerged in 2009. It’s also believed Iran has been heavily investing in digital offence and defence partly because of the Stuxnet attacks that disrupted one of the country’s nuclear plants in the late 2000s, as revealed in 2010.
“We believe that Iran is increasingly reaching to hacker groups within the country,” Nart Villeneuve, senior threat intelligence researcher at FireEye, told TechWeekEurope.
“The capabilities of the Ajax Security Team are unclear — they have used a variety of clever social engineering techniques to deliver their malware, the malware itself is not publicly available but the malware’s overall capability is somewhat limited. That said, it provides all the functionality they need to conduct successful attacks.
“Public statements by both US and Iranian officials indicate that Iran is pursuing both offensive and defensive cyber capabilities.”
FireEye suspects some members of the Ajax crew are also involved in cyber crime. One member, HUrr!c4nE!, has been “flagged for possible fraud” against a retailer, according to the researchers.
How well do you know network security? Try our quiz and find out!
To settle US federal and state claims over multiple data breaches, Marriott International agrees $52…
ByteDance's TikTok is laying off up to 500 employees as it moves to greater use…
In this episode, we uncover why most organisations aren’t ready to harness generative AI. We…
Mixed reactions as Elon Musk hypes $30,000 'self driving' robotaxi called Cybercab, as well as…
AMD unveils new AI and data centre chips as it seeks to improve challenge to…
AT&T and Verizon among US broadband providers reportedly hacked to target American government wiretapping platform