NCRI

Iran Regime Hackers a Growing Danger

By Staff Writer

The Iranian Regime has surfaced as a major security threat when it comes to cyber-espionage operations. Accenture Security iDefense released a research report that states, “The Iranian government and hacktivists located in Iran pose a disruptive or destructive cyber threat against the United States, Europe, and the Middle East.”

A large number of attacks originated in Iran during the first half of 2018. The attacks are reported to be state-sponsored campaigns focused on other nations in the Middle East.

Accenture Security iDefense’s research showed that Iranian hackers’ preferred method of attack is Android-based malware and ransomware launched not only against governments, but also against consumers and businesses.

Various applications infected with malware have flooded the Google Play store. When they are downloaded, they install malicious code on smartphones. Iranian hackers have also targeted legitimate apps, corrupting them to gain unauthorized access to a user’s device.

Iranian hackers have often been viewed as less skilled and less tenacious than hackers from countries like China and Russia, but recent research suggests that this is changing quickly. “They’re more sophisticated than the other players,” according to Robert Katz, executive director of the Cyber Science Institute. “They had a major coordinated attack that did damage to our financial institutions on Wall Street. That was 2012, that was before we saw Russia being organized. Shortly after that, they had a physical attack against Saudi Aramco. They destroyed computers and turned them into paperweights.” Katz continued, “All of those are very sophisticated compared to all of the unsophisticated stuff we’ve seen from North Korea and the outright silly stuff we’ve seen from Russia. The Russia stuff was just a basic phishing attack.”

Accenture Security iDefense has been looking into one of the Iranian hacker groups, which calls itself PIPEFISH and is also known as OilRig. The group has spread cyberespionage attack patterns across the Middle East, primarily based on custom ransomware and cryptocurrency miners. Companies that operate in the energy sector in the United Arab Emirates, Qatar and Saudi Arabia are among the most important targets.

“iDefense threat intelligence has maintained an effective tracking collection of PIPEFISH despite this threat group’s continuous changes and shifting of techniques,” reads the report. “It has consistently shown a propensity to reuse metadata, IP infrastructure, components of lure documents, and domain registrants, which has enabled analysts to produce high-confidence intelligence against the group.”
