Hackers linked to the Iranian government have conducted a long-term cyber espionage operation against government and industry in Israel, Kuwait, Lebanon, Qatar, Saudi Arabia, Turkey, and the United Arab Emirates, according to FireEye, a cyber security firm.
In a new report, FireEye says the operation by the group it dubs APT34 is “largely focused on reconnaissance efforts to benefit Iranian nation-state interests and has been operational since at least 2014.”
The mostly Middle Eastern targets include government agencies and private industry in the financial, energy, chemical, and telecommunications sectors, the company says.
FireEye bases its assessment that APT34 works on behalf of the Iranian government on clues that include references to Iran, the use of Iranian infrastructure, and targeting that aligns with Iran’s interests.
The hackers sometimes breached networks through spearphishing, a technique designed to get users to open a file sent by email that secretly installs malware on their computer.
“APT34 is a proficient threat group that has proven particularly effective at leveraging spearphishing emails and social engineering to compromise target networks,” said Nicholas Richard, principal threat intelligence analyst at FireEye. “The group has continually refined and enhanced its tactics, techniques and procedures to successfully target victims and once in a victim’s environment moves rapidly to dump credentials, establish persistence and conduct extensive reconnaissance to facilitate successive operations.”
U.S. intelligence officials have long considered Iran to be a highly capable adversary in cyberspace. In 2013, hackers from Iran’s Islamic Revolutionary Guards Corps infiltrated the computer controls of a small dam 25 miles north of New York City, according to American officials.