FireEye Inc announces details of an Iranian hacking group it says was responsible for cyber attacks in Saudi Arabia
FireEye Inc, the intelligence-led security company, has announced details of an Iranian hacking group it says was responsible for cyber attacks in Saudi Arabia.
The group, which FireEye has named APT33, has carried out cyber espionage operations since at least 2013, it said in a statement.
The company said the information comes from recent investigations by consultants who uncovered information on APT33’s operations, capabilities, and potential motivations.
The research showed that APT33 has targeted organisations headquartered in the United States, Saudi Arabia and South Korea. The group is said to have shown particular interest in organisations in the aviation sector involved in both military and commercial capacities, as well as organisations in the energy sector with ties to petrochemical production.
FireEye said that from mid-2016 through early 2017, APT33 compromised a US organisation in the aviation sector and targeted a business conglomerate located in Saudi Arabia with aviation holdings. During the same time period, the group also targeted a South Korean company involved in oil refining and petrochemicals.
In May 2017, APT33 appeared to target a Saudi Arabian organisation and a South Korean business conglomerate using a malicious file that attempted to entice victims with job vacancies for a Saudi Arabian petrochemical company.
FireEye analysts said they believe the targeting of the Saudi Arabian organisation may have been an attempt to gain insight into regional rivals, while the targeting of South Korean companies could be due to South Korea’s partnerships with Iran’s petrochemical industry as well as South Korea’s relationships with Saudi Arabian petrochemical companies.
FireEye added that APT33 may have targeted these organizations as a result of Iran’s desire to expand its own petrochemical production and improve its competitiveness within the region.
The research said APT33 registered multiple domains that masquerade as Saudi Arabian aviation companies and Western organisations that have partnerships to provide training, maintenance and support for Saudi Arabia’s military and commercial fleet.
John Hultquist, director of intelligence analysis at FireEye said: “Iran has repeatedly demonstrated a willingness to globally leverage its cyber espionage capabilities. Its aggressive use of this tool, combined with shifting geopolitics, underscore the danger that APT33 poses to governments and commercial interests in the Middle East and throughout the world.
"Identifying this group and its destructive capability presents an opportunity for organisations to detect and deal with related threats proactively.”