March 23, 2019

Iranian hackers hit companies

Madrid, March 7 (efe-epa).- Cyberattacks linked to Iranian hackers have targeted thousands of people at more than 200 companies over the past two years, Microsoft said, part of a wave of computer intrusions from the country that researchers say has hit businesses and government entities around the globe, according to a report from the Dow Jones Newswires made available to EFE Thursday.

The campaign, the scope of which hadn't previously been reported, stole corporate secrets and wiped data from computers. It caused damages estimated at hundreds of millions of dollars in lost productivity and affected oil-and-gas companies, heavy-machinery manufacturers and international conglomerates in more than a half-dozen countries including Saudi Arabia, Germany, the UK, India and the US, according to researchers at Microsoft, which deployed incident-response teams to some of the affected companies.

"These destructive attacks...are massively destabilizing events," said John Lambert, the head of Microsoft's Threat Intelligence Center.

Microsoft traced the attacks to a group it calls Holmium. It is one of several linked by other researchers over the past year to hackers in Iran, a country that many security researchers say aspires to join Russia and China as one of the world's premier cyber powers. Some of Holmium's hacking was done by a group that other security companies call APT33, Microsoft said.

Iran "denies any involvement in cyber crimes against any nation," said a spokesman for Iran's mission to the United Nations in an email. He called the cybersecurity research by Microsoft and other companies "essentially ads, not independent or academic studies," that should not be taken at face value.

While American and European companies have been hit, security researchers say the attacks from Iran have focused heavily on the Middle East.

But they say Iran's growing cyber strength poses a potential threat to the US at a time of intensified tension between the two countries, the Dow Jones report added.

"They're definitely sharpening their skills and moving up their capabilities," said John Hultquist, director of intelligence analysis at the cybersecurity firm FireEye. "When they turn their attention back to the United States, we may be surprised by how much more advanced they are."

One target hit by APT33 is Italian oil company Saipem. A December attack wiped data and affected computer infrastructure at company facilities in the Middle East, India, Scotland and Italy, according to Saipem.

Microsoft has been tracking Holmium for nearly four years. Activity surged in late 2018, according to Microsoft and other companies following the group.

To date, Lambert and his researchers have seen Holmium target more than 2,200 people across about 200 organizations with phishing emails that, if clicked, can install code that steals information or wipes data from computers on the victim's network.

In a phishing email sent to a victim and viewed by The Wall Street Journal, Holmium attackers copied a legitimate job advertisement from a Saudi Arabian oil-and-gas company and sent it to a worker with oil-industry expertise. When clicked on, the email led to a website that then attempted to download malicious software onto the victim's computer.

In January, FireEye warned that Iran-linked hackers were using another technique to break into corporate networks, hitting an "almost unprecedented" number of victims world-wide with a high degree of success.

FireEye said in a blog post that the hackers had been manipulating the critical DNS, or domain name system, records of companies — often telecommunications and internet service providers based in the Middle East — monitoring targets' internet traffic to read email messages and steal usernames and passwords.

FireEye observed at least 50 entities — including corporations, universities and government agencies — hit by this attack, but said it suspected many more victims.

Two weeks after FireEye's warning, the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency issued a warning about this type of attack, saying the technique, called DNS hijacking, was also being used against the US government.

However, security researchers, including FireEye, say there isn't enough evidence to know whether Iran was involved in the US-focused attacks or hackers from a different country launched them using the same techniques.

Researchers agree that the Iran-linked attacks don't rely on "zero day" exploits, or those leveraging previously undisclosed flaws in computer products. Zero-day attacks are the hallmark of elite hacking groups.

While the attacks tied to Iran use less sophisticated tactics, they often cast a wide net.

Last year, Facebook removed dozens of pages that it had tied to an Iranian influence operation. Months before that, federal authorities charged nine Iranians with launching cyberattacks that hit 144 American universities, 36 US companies and five American government agencies between 2013 and 2017, the Dow Jones report added.

Symantec tracked another campaign it linked to Iran in which hackers went after 800 organizations over the course of the past two years. The unusually large target list shows that the hackers aren't using the kind of precise targeting typically associated with a nation-state attacker, said Vikram Thakur, a researcher with Symantec. Typical nation-state campaigns would focus on fewer than 100 entities, he said.

"No one attacks 800 organizations on purpose," he said. "It just shows that these people were being very opportunistic."

Another Iranian-linked group also has hit more than 200 government agencies, oil-and-gas companies and technology companies including Citrix Systems, according to the security firm Resecurity International. Using a technique described in an alert issued by the Department of Homeland Security last year, the hackers guess the passwords for corporate email accounts, then steal data that they use to burrow further into corporate networks.

A Citrix spokesman confirmed that a single employee account was compromised in 2018 due to a weak password and that the hacker then used that access to obtain "an old version of a list containing Citrix employee work contact information."

The Citrix attack is worrying because the software maker builds widely used remote-access products that could be misused by hackers to gain unauthorized access to other corporate networks. Citrix says it has seen no evidence of any compromise beyond that single account. The company has also "not found any evidence of state-sponsored activity," the spokesman said in an email.

By Robert McMillan
