FireEye, the IT security company, has revealed details of an Iranian hacking group, APT33, that it believes has destructive capabilities.
According to analysis from FireEye, APT33 has carried out cyber espionage operations since at least 2013, and the firm believes that the hackers are likely to be working for the Iranian government.
FireEye Mandiant's incident response consultants found that APT33 had targeted organisations in a number of industries that were headquartered in the US, Saudi Arabia, and South Korea.
The group has allegedly shown "particular interest in organisations in the aviation sector, involved in both military and commercial capacities, as well as organisations in the energy sector with ties to petrochemical production".
FireEye did not mention any specific companies, but said that APT33 had compromised a US-based aviation firm, and a business conglomerate located in Saudi Arabia that has aviation holdings. It simultaneously targeted a Saudi Arabian organisation and a South Korean business conglomerate using a malicious file that enticed victims with job vacancies for a Saudi Arabian petrochemical company.
FireEye suggested that APT33 may have targeted these organisations to help Iran expand its own petrochemical production and improve competitiveness within the region.
Spear phishing e-mails were sent to employees whose jobs related to the aviation industry, asking them to click on links.
However, FireEye noticed mistakes by the APT33 operators, with default values left in the shell's phishing module. Minutes after sending the emails with the default values, the group sent new emails to the same recipients with the default values removed.
APT33 also allegedly registered multiple domains relating to the targeted companies, which may also have been used in the phishing attacks.
The cyber security company said APT33's targeting of companies with links in aviation and energy aligns with nation-state interests, which suggests that the hackers are government sponsored.
"Its aggressive use of this tool, combined with shifting geopolitics, underscores the danger that APT33 poses to governments and commercial interests in the Middle East and throughout the world. Identifying this group and its destructive capability presents an opportunity for organizations to detect and deal with related threats proactively."
HP ZBook x2 offers 32GB RAM, M.2 SSD with up to 2TB storage and Nvidia Quadro GPU
Laptops should be able to offer true all-day working, and some
CGN has created an "online capability gap" between cyber criminals and law enforcement, says Europol
ISPs use Carrier Grade NAT to share IP addresses amongst multiple users
Attack revealed bugs and potential security flaws that were later exploited in real-world cyber attacks