Report: Iran may evolve into hacking superpower

Threats have grown in sophistication from website defacement to politically motivated cyber espionage.

In a report that documents the activities of the Iranian Ajax Security Team, FireEye contends that Iran-based hacker groups are becoming increasingly sophisticated in their attacks and could mirror the evolution of elite Chinese hacking organizations to become a hacking superpower.

While FireEye stops short of making a connection between the hackers and the Iranian government, the report notes “the objectives of these groups are consistent with Iran's efforts at controlling political dissent and expanding offensive cyber capabilities.”

In a Tuesday email correspondence with SCMagazine.com, Darien Kindlund, director of threat research at FireEye, said the company believes “Iran is increasingly reaching to hacker groups within the country” which “coincides with a shift among some groups, such as Ajax Security Team, from website defacements to cyber espionage activity.”

The 20-page report, titled "Operation Saffron Rose," notes that the Ajax Security Team is engaged in espionage using malware that is unique to the group. The hackers are targeting U.S. defense industrial base companies as well as Iranian dissidents and those who use anti-censorship technology to circumvent Iran's internet filtering system. To that end, FireEye found that the group pursued 77 people from a single C2 server.

In a Tuesday blog post, FireEye researchers wrote that “It is unclear if the Ajax Security Team operates in isolation or if they are a part of a larger coordinated effort,” but noted that the group “has its roots in popular Iranian hacker forums such as Ashiyane and Shabgard, [and] has engaged in website defacements since 2010.”

FireEye has observed that the Ajax Security Team is currently strengthening its numbers by recruiting from existing cyber crime gangs, particularly members who held leadership positions and whose sights were trained on politically motivated attacks that dovetail with the Iranian government's goals and interests. The group has also been involved in website defacement, but has increasingly shifted its interests to cyber espionage.

Acknowledging that the organization has used “a variety of clever social engineering techniques to deliver their malware” but calling the malware “somewhat limited” in capability, Kindlund said “it provides all the functionality they need to conduct successful attacks.”

To guard against the threats posed by Iranian hacking groups, Kindlund cautioned companies, organizations and government entities to “be wary/vigilant of spearphish email attacks, which are disguised in the same fashion as listed in the example email of the report.”
