Hackers in Iran Attacking Aviation and Petrochemical Industries
According to the cyber-security company FireEye, a hacker group thought to be operating inside Iran in the service of the government has reportedly been aiming attacks at petrochemical and aviation businesses in South Korea, the USA and Saudi Arabia.
The renowned security vendor further reports that the suspected hackers used a malicious program capable of destroying the infected PCs, as in two similar attacks from Iran that targeted Saudi Arabia during 2016 and 2012.
Known as APT33, the hacker crew distributed phishing e-mails posing as help-wanted advertisements to entice workers at various U.S. organizations with close links to the aviation industry in Saudi Arabia, at companies in South Korea that are business partners of Saudi Arabia's petrochemical sector, and at holding firms and organizations in Saudi Arabia.
FireEye believes the hacker gang to be Iranian because the source code of the malware used in the attacks contains testing instructions programmed to store results in files inside a folder called "user," associated with an Iranian hacker nicknamed "xman_1365_x," found on the hard drive of a Windows PC. The security firm also pointed out that the crew monitored and controlled the infiltrated computers from Saturdays to Wednesdays, the work week in Iran. Thehill.com posted this on September 20, 2017.
The phishing e-mails carried an embedded malicious web link which, if followed, installed a backdoor onto the attacked computer. The hackers sent the e-mails in bulk throughout 2016, crafting them as imitations of genuine advertisements from various companies. They even registered domains in the names of companies that operated within the targeted regions, which made the e-mails look legitimate. The fake domains appeared to be connected with Boeing and Northrop Grumman Aviation Arabia. In the West, Iran is said to be an extremely dangerous cyber-adversary.
During 2012, the country is understood to have disseminated Shamoon, which attacked RasGas, the natural gas supplier in Qatar, and Saudi Arabian Oil Co. The virus erased data on hard drives and then displayed an image of a burning American flag on the PC screens. Another company, Saudi Aramco, which was also attacked, eventually shut down its network after more than 30,000 of its PCs were destroyed.
» SPAMfighter News - 10/5/2017