Wired reports on how state-sponsored Iranian hackers are laser-focused on attacking critical infrastructure companies:
In fact, a new network reconnaissance group, dubbed Advanced Persistent Threat 34, has spent the last few years burrowing deep into critical infrastructure companies.
Given how aggressively Iran has pursued infrastructure hacking, previously targeting the financial sector and even a dam in upstate New York, the new findings serve as a warning, and highlight the evolving nature of the threat.
FireEye researchers tracked 34 of the group’s attacks on institutions in seven Middle Eastern countries between 2015 and mid-2017, but say APT 34 has been operational since at least 2014. The group appears to target financial, energy, telecommunications, and chemical companies, and FireEye says it has moderate confidence that its hackers are Iranians. They log into VPNs from Iranian IP addresses, adhere to normal Iranian business hours, their work has occasionally leaked Iranian addresses and phone numbers, and their efforts align with Iranian interests. Namely, targeting the country’s adversaries.
There isn’t definitive evidence of a direct link between APT 34 and APT 33, an Iranian hacking group and malware distributor FireEye published findings on in September. But researchers have seen APT 34 operating concurrently inside many of the same target networks as other Iranian hackers.
The Middle East is seemingly always involved in one conflict or another. It should come as no surprise to see Iran leveraging cyber attacks to its benefit. Implementing strong defenses should be a major priority for any business within the region, and especially so for critical infrastructure companies. They have a lot to lose, and an attack could cause major devastation in the affected country.