Iran Focus
London, 01 Mar – An Iranian hacking group that has previously conducted surveillance on the Iranian people for the Regime is now setting its sights on other places in the Middle East, according to a new report from Symantec.
The cybersecurity firm reports that in 2017 the group, known as Chafer, had been targeting airlines, aircraft services, telecom firms, and technology companies serving the air and sea transport sectors in Israel, Jordan, Saudi Arabia, Turkey and the United Arab Emirates.
The report read: “The group staged a number of ambitious new attacks last year, including the compromise of a major telecoms services provider in the region. There is also evidence that it attempted to attack a major international travel reservations firm.”
The report described this as “heightened ambitions” from the Iranian hackers and said that Symantec also found evidence of attacks against an African airline.
Although, the report does note that Chafer appears to be primarily engaged in surveillance and tracking of individuals and most of its attacks are carried out to gather information on targets.
Previous attacks
Symantec previously wrote about these particular Iranian hackers in a 2015 blog post, where it documented how they mainly spied on people in Iran, but the report highlighted that the Iranian hackers had already begun targeting regional telecom and airline companies.
The Iranian hackers have been using new tools in its attacks, according to Symantec, including during the WannaCry and Petya ransomware attacks.
Over the past few years, many cybersecurity experts have seen Iran’s cyber-espionage capabilities become more sophisticated.
American intelligence officials have previously said that hackers linked to the Iranian Regime attacked Saudi Arabian oil giant Aramco in 2012, successfully wiping thousands of computers and paralyzing operations.
Since then, security experts have traced many subsequent cyber attacks back to Iran, including hacks on Saudi, American and South Korean companies, but Iran has not commented on these.
Saudi Arabia
Saudi Foreign Minister Adel Al-Jubeir told CNBC in February Iran was “the most dangerous nation” for cyber threats.
He said: “Iran is the only country that has attacked us repeatedly and tried to attack us repeatedly. In fact, they tried to do it on a virtually weekly basis.”
Jubeir added that Saudi Arabia is taking all necessary steps to defend itself against cyber attacks and that it is training its people to “be able to engage in offensive operations to make it hopefully impossible for people to penetrate those systems.”
