Security researchers have noted a rise in the sophistication of digital attacks stemming from Iran, after incidents involving US defence and dissidents within and outside the country.
In particular, a group known as the Ajax Security Team has been carrying out website defacements since 2010, but has moved to malware-based attacks in recent months.
Looking at the command and control infrastructure for malware samples that were disguised as anti-censorship tools, FireEye researchers found 77 victims. Most appear to have been based in Iran itself.
Typical social engineering tactics have been used by the Ajax team. In one case, a fake page for the 2014 the IEEE Aerospace Conference was set up as a lure to trick targets into installing malware.
Convincing password phishing pages have been created by the hacking crew too, including fake Outlook Web Access and VPN login sites.
The hackers are using their own malware, written in .NET, which they’ve named “Stealer”. It collects system information, takes screenshots, carries out keylogging and pilfers usernames and passwords.
Iran has been growing its cyber capability since the Iranian Cyber Army emerged in 2009. It’s also believed Iran has been heavily investing in digital offence and defence partly because of the Stuxnet attacks that disrupted one of the country’s nuclear plants in the late 2000s, as revealed in 2010.
“We believe that Iran is increasingly reaching to hacker groups within the country,” Nart Villeneuve, senior threat intelligence researcher at FireEye, told TechWeekEurope.
“The capabilities of the Ajax Security Team are unclear — they have used a variety of clever social engineering techniques to deliver their malware, the malware itself is not publicly available but the malware’s overall capability is somewhat limited. That said, it provides all the functionality they need to conduct successful attacks.
“Public statements by both US and Iranian officials indicate that Iran is pursuing both offensive and defensive cyber capabilities.”
FireEye suspects some members of the Ajax crew are also involved in cyber crime. One member, HUrr!c4nE!, has been “flagged for possible fraud” against a retailer, according to the researchers.
How well do you know network security? Try our quiz and find out!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…