Iranian cybercrime group APT33 has stepped up its attacks on a variety of companies in the Persian Gulf, including energy firms, The National reports, citing research from security company FireEye.
The National notes that the hacker group is widely believed to be linked to the government in Tehran and adds that the attacks became more frequent after President Trump pulled the United States out of the Joint Comprehensive Plan of Action, more commonly known as the Iran nuclear deal.
As an example of the step-up in attacks from APT33, FireEye describes a spear phishing attack against companies in the Gulf, disguised as an email from an oil and gas company from the region. Phishing attacks as a rule aim to trick recipients into clicking a malicious link and inadvertently sharing sensitive information with the attackers.
The National quoted a FireEye official, Alister Shepherd, as saying the hacker group likely targeted energy industry companies because of the impact U.S. sanctions are having on Iran's own energy industry. Although Shepherd declined to give any specific numbers with regard to the attacks, he noted that the increase had been tenfold, adding that most of the attacks took place on days coinciding with the Iranian week. Its operatives primarily worked “Saturday through Wednesday…which fits with the Iranian week. When it happens consistently over time that’s a strong indicator.”
Shepherd went on to say he expected the number of attacks to continue growing as the effects of the sanctions begin to bite more deeply.
Bloomberg yesterday reported that Iranian oil exports had dropped by 35 percent since May, when Trump withdrew from the nuclear deal, and further declines are on the way. This will hit the Iranian economy hard as, according to the IMF, oil revenues account for as much as 80 percent of Iran’s tax revenue.