Iranian APT33 Hackers Launch Phishing Attacks on Aviation, Energy Industries

eSecurity Planet, September 28, 2017

Over a period of more than six months, an Iranian government-sponsored hacking group called APT33 successfully launched phishing attacks against companies in the US, Saudi Arabia and South Korea. Their cyber espionage efforts successfully gained access to a US organization in the energy sector and went after an oil refinery and petrochemical business company in South Korea and an aviation holding company in Saudi Arabia. Given these specific targets, a likely motive was to gain intelligence to augment Iran’s own aviation and military strength.

The phishing method for these attacks used psychological efforts to entice the trust of victims. Emails were sent with links going to malicious .hta (HTML application) files. Research indicates that 1.385 million unique phishing sites are set up every month, which is over 46,000 sites per day. The majority of these sites are only active for four to eight hours.

Phishing attacks continue to increase because they are so successful. Research shows that of 200 executives surveyed in the US, one third of the responders reported they see over 500 suspicious emails per week. The attacks keep getting more sophisticated to the point where even savvy people fall for the deception.

Also of concern is that those perpetrating the attacks aren’t carried out by the hooded hacker guy we imagine, but rather, by ordinary, professional workers who’ve become middle class cyber criminals.

Virsec Systems co-founder and COO Ray DeMeo said the existence of groups like APT33 shouldn't be a surprise. "We've seen clear evidence for some time that nation-state funded groups are using systematic, methodical, and innovative techniques to find weaknesses in networks and critical infrastructure systems."

He also told us to "Expect ongoing cyber warfare to be the new normal, and it's critical that all organizations take security much more seriously, improve their detection and protection capabilities, and train all employees to protect their credentials against theft."

Read full Iranian APT33 Phishing Attacks article