Following sanctions, Iran bombards US with phishing emails
Security solutions provider FireEye has seen an increase in state-sponsored cyber attacks from Iran following the heightened geopolitical tensions with the US.
Tensions between longtime rivals Iran and the US are running high after the Pentagon launched a cyber attack against Iranian computer systems, instead of a military strike, in response to the downing of its expensive drone. Iranian officials have told media that cyber attacks from the US have not been successful so far.
“Following what happened with the oil tankers in the Gulf in May, we have seen state-sponsored or advanced persistent threat group 33 (APT33) sending phishing emails, targeting both public and private sectors in the US and the Middle East,” Jens Monrad, Head of Intelligence at FireEye Europe, Middle East and Africa, told TechRadar Middle East.
The US introduced sanctions on Iran in November 2018 while the six-month oil waiver came into effect on May 2, 2019.
Iran threat groups have been focusing on the government and private organisations in the Middle East
Iranian malware known as Shamoon 1 reportedly destroyed thousands of computers at Saudi Aramco and Qatar’s RasGas in 2012, while Shamoon 2 made similar attacks in 2016 and 2017, and Shamoon 3 made a new wave of attacks against targets in Middle East oil and gas plants in December 2018.
“Iranian threat groups are also likely to be using cyber espionage to reduce the uncertainty surrounding the conflict. Notably, APT33 has historically carried out destructive cyber attacks in addition to intelligence collection,” he said. Moreover, he said that intrusions in cyberspace carry less risk than carrying out an attack in the real world with physical force [military strike].
“We will continue to see an increase in attacks and responses with a similar force. My view is that Iran will focus not only on the government and military targets but also on other organisations to cause economic damage following the US sanctions,” he said.
Monrad urged Middle East countries to be cautious as some of the governments have alliances and strategic partnerships with the US. “They may not be directly targeted but could be indirectly. We have historically seen that cybercriminals will be keeping a close vigil to steal the tools during these types of state-sponsored attacks. These tools could be stolen and used by the cybercriminals against people or enterprises who have no part in the conflict,” he said.