Iran’s maturing cyber prowess is a growing menace: cyber experts

In its report, Singapore-based FireEye has detailed Iran’s growing cyber espionage capabilities, which have now placed it among the “top five world cyber-power”.

As per FireEye, an internet security firm, hackers who have been allegedly linked to Iran’s government have attacked computer systems at aerospace and petrochemical firms which belong to Saudi Arabia and the West.

The development marks a rise in the prowess of Iran’s cyber espionage. FireEye’s assessment gains credence as it is shared by other U.S. experts.

FireEye’s report has pointed the finger at APT33, a hacking group, and has offered instances, as evidence, of it trying to steal military and aviation related secrets, as well as gearing up for attacks that might cripple entire computer networks.

Last week, in a related move, the U.S. Treasury Department added two Iran-based hacking networks and eight individuals to a U.S. sanctions list and accused them of taking part in cyber-enabled attacks on the U.S. financial system.

APT33’s name surfaced when FireEye was called to investigate cyber attacks on a U.S. aviation organization, computer security incidents at a South Korean group with interests in oil refining and petrochemicals and similar incidents at a Saudi business conglomerate with aviation holdings.

FireEye declined to name the companies.

“Iranian fingerprints are all over this campaign, and government fingerprints in particular,” said John Hultquist, FireEye’s director of cyber espionage analysis. “Right now we are seeing a lot of activity that seems to be classic cyber espionage.”

APT33 is the first state-backed group from Iran to join FireEye’s list, which includes state-backed and individual hacking groups from China, North Korea and Russia.

APT stands for “Advanced Persistent Threat”.

According to Hultquist, it would appear APT33 has shared some tools with around 15 different hacking groups, all of whom have Iranian ties and carry names such as “Charming Kitten”, “Shamoon”, and “RocketKitten”.

Experts have noted in the past that the Kitten nomenclature reflects the low level of respect Iran’s hacking capabilities attract.

However, several cyber experts have said there is growing professionalism and rising cyber warfare capability in Iran’s cyber-espionage talents.

“In recent years, Iran has invested heavily in building out their computer network attack and exploit capabilities,” said Frank Cilluffo, director of George Washington University’s Center for Cyber and Homeland Security.

Cilluffo, a former homeland security advisor to President George W. Bush who testified before the U.S. Congress on Iran’s cyber budget, estimates that it has jumped twelve-fold under President Rouhani, which places Iran among the “top five world cyber-power”.

“They are also integrating cyber operations into their military strategy and doctrine,” said Cilluffo.

According to Kevin Mandia, FireEye’s Chief Executive, Iranian cyber espionage has grown in sophistication since he first spotted Iranians conducting rudimentary attacks on the U.S. State Department in 2008.

“They’re good. (They’ve) got a real capability there,” said Mandia.

He added that, in the investigations of attacks on Western companies and governments that FireEye is hired to do, Iran now ranks with China and Russia in terms of frequency.

Iran’s rising cyber espionage prowess comes in the wake of a joint cyber assault by the United States and Israel on Iran’s nuclear reactor in 2010. The two created what is now known as the “Stuxnet” worm, which was aimed at disabling centrifuges in Iran’s nuclear programme.
