Pierluigi Paganini March 07, 2019

Researchers at Microsoft warn of damages caused by cyber operations conducted by Iran-linked cyberespionage groups.

Security experts at Microsoft are warning of economic damages caused by the activity of Iran-linked hacking groups that are working to penetrate systems, businesses, and governments worldwide.

According to Microsoft, the attackers already caused hundreds of millions of dollars in damages by stealing secret data and wiping information from computer networks of 200 companies over the past two years.

The experts estimated the attacks caused hundreds of millions of dollars in damages.

“Researchers for tech giant Microsoft said the attackers stole secrets and wiped data from computer networks after targeting thousands of people at some 200 companies over the past two years, according to The Wall Street Journal.” reported the AFP press agency.

According to the Wall Street Journal, the cyberattacks hit organizations in the energy industry, most oil-and-gas firms, and makers of heavy machinery. The Iran-linked hackers hit organizations in several countries, including Saudi Arabia, Germany, the United Kingdom, India, and the U.S..

Researchers attributed the attacks to an Iran-linked group tracked by Microsoft as Holmium (aka APT33) that has been around since at least 2013. Since mid-2016, the group targeted the aviation industry and energy companies with connections to petrochemical production.

Microsoft observed Holmium cyber espionage group carrying out spear-phishing attacks against more than 2,200 people with the intent to deliver malicious code.

John Lambert, the head of Microsoft’s Threat Intelligence Center defined the attacks as “massively destabilizing events.”

In 2017, security firm FireEye observed the APT33 group targeting aerospace and energy organizations in the United States, Saudi Arabia, and South Korea.

In 2018, the Iran-linked group continued to be very active, security researchers at Cyberbit discovered the Early Bird code injection technique used by the threat actors to inject the TurnedUp malware into the infected systems evading security solutions.

Security experts warn of the increased cyber capabilities of Iran-linked cyber espionage groups, a few days ago PaloAlto Networks published an analysis that revealed the Iran-linked Chafer APT group used a new Python-based backdoor in attacks carried out in November 2018 that targeted a Turkish government entity.

Pierluigi Paganini

(SecurityAffairs – Iran-linked hackers, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]