
FireEye reports more Iran-backed cyberattacks

APT33 group behind spear phishing campaign that targeted regional oil & gas organisations

FireEye has said it is confident that an Iran-backed hacking group was behind a cyber espionage campaign in July.

FireEye has said that Iranian hacking group APT33 has launched another round of cyber spying attacks on energy sector organisations in the Middle East.

The security company says that it has ‘high confidence’ that the Iranian government-backed group was behind a spear phishing campaign that ran in July, targeting energy sector organisations mainly in the region, but also in North America and Japan.

The latest campaign used emails that appeared to be from a Middle East oil & gas company, which linked to a malware download disguised as a job posting. A similar theme, sender address, link and malware had been used in previous APT33 campaigns. FireEye technology detected and blocked emails sent to its customers.

The spear phishing campaign also targeted organisations in the utilities, insurance, manufacturing, and education sectors.

FireEye assesses with high confidence that APT33 works on behalf of the Iranian Government. Since at least 2013 the group has targeted military and commercial organisations in the aviation and energy sectors with the chief goal of intellectual property theft. Malware leveraged by APT33 in previous operations demonstrates destructive capabilities in addition to credential theft and data exfiltration.

Alister Shepherd, Middle East and Africa director for Mandiant at FireEye, added: "In July we observed a significant increase in activity from this Iran-affiliated APT group. The APT33 operation primarily focused on the energy sector, which has been affected by recent sanctions that were placed on Iran. The motivation behind the operation is uncertain, but it's possible that the attackers were using spear phishing to facilitate the theft of intellectual property or to subsequently cause disruption in retaliation to the sanctions. It's imperative for companies to ensure they are capable of quickly detecting and responding to these intrusion attempts."

FireEye anticipates that the current geopolitical climate may lead to additional operations by the group, targeting the same sectors.
