U.S. Cybersecurity Firm Identifies Iranian Hacking Group Breaking into Middle East Networks

U.S. Cybersecurity Firm Identifies Iranian Hacking Group Breaking into Middle East Networks
A United States cybersecurity firm has identified a “highly active” group of hackers reportedly based in Iran, who are attacking corporate and government networks across the Middle East, The Hill reported Wednesday.
A report issued by Symantec said that the hacking collective, which has been dubbed “Leafminer,” has attacked networks in Saudi Arabia, the United Arab Emirates, Qatar, Kuwait, Bahrain, Eqypt, Israel and Afghanistan.
Leafminer’s targets, according to The Hill, include the “energy, telecommunications, financial services, transportation and government” sectors.
According to Vikram Thakur, technical director at Symantec, Leafminer appears to have begun operations in 2017, but has increased its activity since the end of last year and is “continuing to conduct attacks as of right now.”
Symantec’s researchers found a list with approximately 800 target organizations written in Farsi. While all the groups in the list have some connection to Iran, Iran is not itself on the list. “From an analytics perspective, that just adds to the fact that they’re likely to be from Iran,” Thakur observed.
Analysts say that Leafminer seems particularly interested in hacking  into e-mails “to harvest communications and other data, likely for espionage purposes.”
Currently the group’s tactics do not appear to be very sophisticated, however, Thakur believes that they may have expanded the scope of their operations and targeted Western countries.
In 2016, the Justice Department indicted seven Iranians for carrying out cyber-attacks against dozens of American banks as well as a dam located in upstate New York. The hackers were identified as working for private security firms on behalf of Iran’s Islamic Revolutionary Guard Corps.
In November 2015, shortly after the nuclear deal was agreed to, the U.S. reported that Iranian cyber-espionage activities were increasingly aggressive and included attacks on the State Department.
In December of last year, a report released by FireEye, a cybersecurity firm, characterized Iranian hacking attempts as a “coordinated, probably military, endeavor.”
In Iran Has Built an Army of Cyber-Proxies, which was published in the August 2015 issue of The Tower Magazine, Jordan Brunner described Iran’s rise as a cyberwarfare power as a parallel development of its network of global terrorist proxies.
Iran is adept at building terrorist and other illicit networks around the world. Its cyber-capabilities are no different. It uses the inexpensive method of training and collaborating with proxies in the art of cyber-war. It may also have collaborated with North Korea, which infamously attacked Sony in response to the film The Interview. It is possible that Iran assisted North Korea in developing the cyber-capability necessary to carry out the Sony hack. While acknowledging that there is no definite proof of this, Claudia Rosett of the Foundation for Defense of Democracies raised the question in The Tower earlier this year.
More importantly, Iran is sponsoring the cyber-capabilities of terrorist organizations in Lebanon, Yemen, and Syria. The first indication of this was from Hezbollah. The group’s cyber-activity came to the attention of the U.S. in early 2008, and it has only become more powerful in cyberspace since then. An attack that had “all the markings” of a campaign orchestrated by Hezbollah was carried out against Israeli businesses in 2012.
Lebanon’s neighbor, Syria, is home to the Syrian Electronic Army (SEA), which employs cyber-warfare in support of the Assad regime. There are rumors that indicate it is trained and financed by Iran. The SEA’s mission is to embarrass media organizations in the West that publicize the atrocities of the Assad regime, as well as track down and monitor the activities of Syrian rebels. It has been very successful at both. The SEA has attacked media outlets such as The Washington Post, the Chicago Tribune, the Financial Times, Forbes, and others. It has also hacked the software of companies like Dell, Microsoft, Ferrari, and even the humanitarian program UNICEF.
[Photo: Creative Film / YouTube ]