Iranian Hackers Impersonated US Citizens to Spearphish Aerospace and Satellite Technology Sectors

Category: Blog  |  Friday, September 25th, 2020

Phishing remains one of the most reliable ways into an organization. Used by run-of-the-mill criminals and state-backed hacking teams alike, it has cost organizations millions.

On Thursday, U.S. officials sanctioned one of Tehran’s state-backed hacker teams and charged three Iranians “with stealing sensitive information about aerospace and satellite technology,” while publicly exposing the group’s tools and tactics.

The activity ran from July 2015 to February 2019, during which “Pourkarim Arabi, Mohammad Reza Espargham and Mohammad Bayati targeted more than 1,800 user accounts at U.S. and foreign companies, including employees in the aerospace and satellite technology sectors and workers” at “international government organizations” in the U.S., the U.K., Australia, Israel, and Singapore.

The men were operating on behalf of Iran’s Islamic Revolutionary Guard Corps. They impersonated U.S. citizens working in the targeted industries and sent spearphishing messages designed to “trick employees into downloading malware.”

A Justice Department statement explains that once downloaded, the malware gave the hackers access to the victims’ computers and company networks, allowing them to steal “sensitive commercial information, intellectual property, and personal data from victim companies, including a satellite-tracking company and a satellite voice and data communication company.”

The indictment also describes how the hackers used common, freely available tools such as Metasploit and Mimikatz to “plant” backdoors on networks, collect passwords, and acquire administrator privileges. Neither tool is exotic: Mimikatz reads credentials out of the memory of the Windows LSASS process, and Metasploit’s Meterpreter can run the same capability reflectively in memory, which is why defenders watch for unusual processes opening a read handle to LSASS.
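As an added example, not taken from the article or the indictment, here is a small detector for Mimikatz-style credential dumping run over constructed Sysmon-style log lines. It assumes events arrive as JSON with Sysmon Event ID 10 (ProcessAccess) fields, uses a hypothetical allowlist of processes that legitimately open LSASS, and treats the access masks commonly seen from credential dumpers and an unbacked (“UNKNOWN”) call trace as escalating signals. The sample events, host names and paths are all made up for the demonstration.

```python
"""Hunt for credential-dumping access to LSASS in Sysmon-style JSON event lines.

Added example: the detection logic, allowlist and sample events are assumptions
for illustration, not from the indictment or the news article.
"""
import json

# Windows process access-right bits (from the Win32 API).
PROCESS_VM_READ = 0x0010
PROCESS_QUERY_INFORMATION = 0x0400

# Access masks frequently observed when Mimikatz (sekurlsa::logonpasswords)
# or similar tooling opens lsass.exe. Heuristic, not an exhaustive list.
KNOWN_DUMPER_MASKS = {0x1010, 0x1410, 0x1438, 0x143A, 0x1FFFFF}

# Assumed allowlist: processes that legitimately open LSASS on this host.
# Tune per environment; a real deployment would also check signer/hash.
ALLOWED_SOURCES = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\program files\windows defender\msmpeng.exe",
}


def parse_event(line):
    """Parse one JSON log line; return None for lines that are not valid JSON."""
    try:
        return json.loads(line)
    except json.JSONDecodeError:
        return None


def classify_lsass_access(event):
    """Return a finding dict for a suspicious EID 10 access to lsass.exe, else None."""
    if event.get("EventID") != 10:
        return None
    if not event.get("TargetImage", "").lower().endswith("\\lsass.exe"):
        return None
    source = event.get("SourceImage", "").lower()
    if source in ALLOWED_SOURCES:
        return None
    try:
        mask = int(event.get("GrantedAccess", "0"), 16)
    except ValueError:
        return None
    if not mask & PROCESS_VM_READ:
        return None  # handle cannot read LSASS memory, so no dump is possible

    reasons = []
    if mask in KNOWN_DUMPER_MASKS:
        reasons.append(f"access mask {mask:#06x} matches a known credential-dumper pattern")
    # Frames not backed by a file on disk ("UNKNOWN" in Sysmon's CallTrace) are
    # typical of reflectively loaded tooling such as Meterpreter's kiwi extension.
    if "UNKNOWN" in event.get("CallTrace", ""):
        reasons.append("call trace contains code not backed by a file on disk")

    return {
        "host": event.get("Computer", "?"),
        "source": event.get("SourceImage", ""),
        "granted_access": f"{mask:#x}",
        "severity": "high" if reasons else "medium",
        "reasons": reasons,
    }


def scan(lines):
    """Run the classifier over an iterable of JSON lines and collect findings."""
    findings = []
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue  # skip malformed lines rather than crash the pipeline
        finding = classify_lsass_access(event)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample events (hypothetical host, users and paths).
SAMPLE_LOG_LINES = [
    json.dumps({"EventID": 10, "Computer": "WS-0042", "SourceImage": r"C:\Program Files\Windows Defender\MsMpEng.exe",
                "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1FFFFF", "CallTrace": "ntdll.dll+9d1e4"}),
    json.dumps({"EventID": 10, "Computer": "WS-0042", "SourceImage": r"C:\Users\jdoe\AppData\Local\Temp\update.exe",
                "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010",
                "CallTrace": "ntdll.dll+9d1e4|KERNELBASE.dll+2063e|UNKNOWN(00000000021A0B70)"}),
    json.dumps({"EventID": 10, "Computer": "WS-0042", "SourceImage": r"C:\Windows\System32\svchost.exe",
                "TargetImage": r"C:\Windows\explorer.exe", "GrantedAccess": "0x1000", "CallTrace": "ntdll.dll+9d1e4"}),
    json.dumps({"EventID": 1, "Computer": "WS-0042", "Image": r"C:\Windows\System32\cmd.exe"}),
    "this line is not json and should be skipped",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG_LINES):
        print(f["severity"].upper(), f["host"], f["source"], f["granted_access"], "; ".join(f["reasons"]))
```

Only the unsigned binary in a user’s Temp directory is reported: it opens LSASS with a dumper-style mask and has unbacked code on its call stack, so it is rated high. The Defender engine is allowlisted, the svchost event targets a different process, and the non-EID-10 and malformed lines are ignored. In production you would key the allowlist on code-signing identity rather than path, since a path string is trivially spoofed.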

Separately, the Treasury Department added the Iran-linked hacker group APT39 (Advanced Persistent Threat 39) to its sanctions list, along with 45 associated individuals and a front company called Rana Intelligence Computing Co. Operating through that front, Iran ran years-long malware campaigns against Iranian dissidents, journalists and international travel companies. “Iran’s Ministry of Intelligence and Security, which is already under sanctions, controls APT39.”

APT39’s tooling includes malware written in Visual Basic Script and AutoIt, a malicious imitation of Mozilla Firefox, and a trojanized Android app.

FBI director Christopher Wray said the bureau wants to stop playing “whack-a-mole” with hackers and look at the fight “in a new way,” making it “harder and more painful for hackers and criminals to do what they’re doing.”

If you’re also looking to make it more difficult for hackers to exploit your organization, we can help. Call EnhancedTECH today (714) 970-9330.

-Emmy Seigler

Source: https://www.msn.com/en-us/news/world/us-calls-out-iranian-hacker-threat-with-indictment-sanctions-and-threat-analysis/ar-BB199jDl?li=BBnb7Kz&ocid=hplocalnews
