FireEye has released information about a new cyber espionage operation primarily targeting Middle Eastern organisations in the energy sector. According to the company, the Iranian group APT33 is responsible for the attacks.
The operation also targeted some organizations in North America, and Japan, across several sectors including utilities, insurance, manufacturing, and education. Between July 2-29, targets were sent spear-phishing emails which masqueraded as messages from a Middle Eastern oil and gas company.
The emails included a link to download a malicious file disguised as a job posting. A similar theme, sender address, link and malware had been used in previous APT33 campaigns. FireEye technology detected and blocked emails sent to its customers.
FireEye claims that APT33 has worked on behalf of the Iranian Government. “Since 2013 the group has targeted military and commercial organizations in the aviation and energy sectors with the chief goal of intellectual property theft. Malware leveraged by APT33 in previous operations demonstrate destructive capabilities in addition to credential-theft and data exfiltration,” said FireEye.
Alister Shepherd, Middle East and Africa director for Mandiant at FireEye added, “In July we observed a significant increase in activity from this Iran affiliated APT group. The APT33 operation primarily focused on the energy sector, which has been affected by recent sanctions that were placed on Iran. The motivation behind the operation is uncertain, but it’s possible that the attackers were using spear phishing to facilitate the theft of intellectual property or to subsequently cause disruption in retaliation to the sanctions. It’s imperative for companies to ensure they are capable of quickly detecting and responding to these intrusion attempts.”
FireEye says that the current geopolitical climate may lead to additional operations by the group, targeting the same sectors.
TagsFireEye hacker group Iranian Mandiant Edit Post
