Iranian hackers chasing national security targets' data via telco and travel companies
A hacking group known as APT39 is conducting offensive cyber surveillance activities chasing Iran's national security targets.
Thursday 31 January 2019 13:48, UK
Iranian hackers are targeting businesses in the telecommunications and travel industries as part of an international surveillance campaign.
The group is attempting to gain access to these industries so it can monitor and track specific individuals for operations believed to serve Iran's national security strategic objectives.
Although it has primarily been active in the Middle East, nations such as the United States and Saudi Arabia are also known to have been targeted by the group, and Israel is believed to have been targeted too.
Because the hackers use the same tactics and tools in their attacks, their hacking campaign has been tracked by cyber security firm FireEye, which has named the group APT39.
The term APT stands for "advanced persistent threat" and typically refers to a hacking group with state sponsorship, indicating the group has access to considerable resources as well as a non-financial motive.
Another hacking campaign linked to Iran prompted the US to issue an emergency cyber security directive during the government shutdown last week, in order to stop the attackers taking advantage of the fact that IT workers had been furloughed.
According to FireEye: "APT39's focus on the widespread theft of personal information sets it apart from other Iranian groups... which have been linked to influence operations, disruptive attacks, and other threats."
Because the group is targeting data, it is believed to be monitoring targets of interest, from collecting personal information about them through to gathering their travel itineraries from travel companies.
It is also targeting telecommunications firms, which hold a large amount of customer data: not just potential browsing data but also metadata about where customers' devices were located when they were used to access the telco network.
The APT39 campaign "showcases Iran's potential global operational reach and how it uses cyber operations as a low-cost and effective tool to facilitate the collection of key data on perceived national security threats and gain advantages against regional and global rivals", reports FireEye.
Iran has developed a significant offensive cyber capability in recent years which it has regularly exercised against neighbouring states and the West.
One of the most significant cyber attacks ever recorded, the Shamoon attack against Saudi Arabia's state-owned oil company Saudi Aramco, is believed to have been sponsored by the Iranian state.
Elsewhere, attacks from the country have appeared less geopolitically motivated.
A hacking group linked to Iran was identified as targeting dozens of universities in 14 countries, including the UK, in an attempt to steal student credentials, presumably as a way of circumventing sanctions that restrict access to academic literature.
Despite the offensive capability being exercised by the state, many internet users in Iran are limited in their access to outside knowledge due to the development of the country's National Information Network (NIN).
The NIN is designed to be just as malleable to the authorities as the country's print and broadcast media, and also offers Iran's Islamic Revolutionary Guard Corps extensive surveillance abilities to monitor dissent.