According to security researchers, a group of Iranian hackers has been expanding their reach from domestic surveillance to various areas of the Middle East. Based on information received from Symantec, the group is known as Chafer, and they have managed to carry out several attacks on nine different organizations in 2017 alone.
The attacks began in December 2015, when Symantec made their first report about the group. At that point, it was discovered that most of the victims they were spying on were located in Iran.
It is believed that they have been around since as early as July 2014. However, being discovered in 2015 has not bothered them in any way, as they continued their unscrupulous activity into 2017.
On February 28th, a few security researchers went on to say that in the initial stages, Chafer seemed only concerned with tracking and surveillance, in an attempt to get information on their targets. In addition, they also launched several attacks last year – one of which affected one of the region’s main telecom providers.
Some of the entities they attacked last year were in countries such as Turkey, Saudi Arabia, Jordan, Israel and the United Arab Emirates. They focused on specific sectors that included payroll services, aircraft services, and telecom services, to name a few. An African airline and a large-scale travel reservation entity almost fell victim to the cyber-attack.
In its earlier activity, Chafer took aim at the web servers of many organizations, using SQL-injection attacks to deploy malware. In the past year, they have added a host of new tools and infection methods to their already loaded arsenal, including spreading malware via phishing schemes to steal confidential information. EternalBlue, one of Chafer's most notorious tools, is the exploit that was used to create havoc in the Petya and WannaCry attacks.
In light of recent events, it is safe to say that they are quite active and even more brazen in selecting their targets, according to Symantec.
Researchers are of the opinion that Chafer is still trying to be less conspicuous, and that it remains difficult to defend against even when it is found lurking on the network of an unsuspecting victim. They continued by stating that more organizations and supply-chain firms are now in the line of fire, with the end objective of reaching and harassing their customers.
As expected, the attacks are a bit riskier, but the rewards are just as great if they should succeed, seeing that they would now have more targets to choose from.
Cyber-attacks linked to Iran
Various experts in the field of cybersecurity seem overly concerned about the spike in Iran's cyber skills after the 2011 Stuxnet computer virus attack, which almost took out a uranium enrichment park located in the heart of Iran.
With that said, Iranian hackers are under more scrutiny, and it is believed that they are responsible for the 2012 cyber attack that affected several energy companies including Saudi Aramco.
Vikram Thakur, the Security Response Technical Director, stated that most of the information being targeted by Chafer is likely to be used by the local government. He also made it clear that he is unsure whether the group intends to sell the stolen information to others or keep it for themselves.