May 24, 2019

Iranian hackers hit companies

Madrid, March 7 (efe-epa).- Cyberattacks linked to Iranian hackers have targeted thousands of people at more than 200 companies over the past two years, Microsoft said, part of a wave of computer intrusions from the country that researchers say has hit businesses and government entities around the globe, according to a report from the Dow Jones Newswires made available to EFE Thursday.

The campaign, the scope of which hadn't previously been reported, stole corporate secrets and wiped data from computers. It caused damages estimated at hundreds of millions of dollars in lost productivity and affected oil-and-gas companies, heavy-machinery manufacturers and international conglomerates in more than a half-dozen countries including Saudi Arabia, Germany, the UK, India and the US, according to researchers at Microsoft, which deployed incident-response teams to some of the affected companies.

"These destructive attacks...are massively destabilizing events," said John Lambert, the head of Microsoft's Threat Intelligence Center.

Microsoft traced the attacks to a group it calls Holmium. It is one of several linked by other researchers over the past year to hackers in Iran, a country that many security researchers say aspires to join Russia and China as one of the world's premier cyber powers. Some of Holmium's hacking was done by a group that other security companies call APT33, Microsoft said.

Iran "denies any involvement in cyber crimes against any nation," said a spokesman for Iran's mission to the United Nations in an email. He called the cybersecurity research by Microsoft and other companies "essentially ads, not independent or academic studies," that should not be taken at face value.

While American and European companies have been hit, security researchers say the attacks from Iran have focused heavily on the Middle East.

But they say Iran's growing cyber strength poses a potential threat to the US at a time of intensified tension between the two countries, the Dow Jones report added.

"They're definitely sharpening their skills and moving up their capabilities," said John Hultquist, director of intelligence analysis at the cybersecurity firm FireEye. "When they turn their attention back to the United States, we may be surprised by how much more advanced they are."

One target hit by APT33 is Italian oil company Saipem. A December attack wiped data and affected computer infrastructure at company facilities in the Middle East, India, Scotland and Italy, according to Saipem.

Microsoft has been tracking Holmium for nearly four years. Activity surged in late 2018, according to Microsoft and other companies following the group.

To date, Lambert and his researchers have seen Holmium target more than 2,200 people across about 200 organizations with phishing emails that, if clicked, can install code that steals information or wipes data from computers on the victim's network.

In a phishing email sent to a victim and viewed by The Wall Street Journal, Holmium attackers copied a legitimate job advertisement from a Saudi Arabian oil-and-gas company and sent it to a worker with oil-industry expertise. When clicked on, the email led to a website that then attempted to download malicious software onto the victim's computer.

In January, FireEye warned that Iran-linked hackers were using another technique to break into corporate networks, hitting an "almost unprecedented" number of victims world-wide with a high degree of success.

FireEye said in a blog post that the hackers had been manipulating the critical DNS, or domain name system, records of companies — often telecommunications and internet service providers based in the Middle East — monitoring targets' internet traffic to read email messages and steal usernames and passwords.

FireEye observed at least 50 entities — including corporations, universities and government agencies — hit by this attack, but said it suspected many more victims.

Two weeks after FireEye's warning, the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency issued a warning about this type of attack, saying the technique, called DNS hijacking, was also being used against the US government.

However, security researchers, including FireEye, say there isn't enough evidence to know whether Iran was involved in the US-focused attacks or hackers from a different country launched them using the same techniques.

Researchers agree that the Iran-linked attacks don't rely on "zero day" exploits, or those leveraging previously undisclosed flaws in computer products. Zero-day attacks are the hallmark of elite hacking groups.

While the attacks tied to Iran use less sophisticated tactics, they often cast a wide net.

Last year, Facebook removed dozens of pages that it had tied to an Iranian influence operation. Months before that, federal authorities charged nine Iranians with launching cyberattacks that hit 144 American universities, 36 US companies and five American government agencies between 2013 and 2017, the Dow Jones report added.

Symantec tracked another campaign it linked to Iran in which hackers went after 800 organizations over the course of the past two years. The unusually large target list shows that the hackers aren't using the kind of precise targeting typically associated with a nation-state attacker, said Vikram Thakur, a researcher with Symantec. Typical nation-state campaigns would focus on fewer than 100 entities, he said.

"No one attacks 800 organizations on purpose," he said. "It just shows that these people were being very opportunistic."

Another Iranian-linked group also has hit more than 200 government agencies, oil-and-gas companies and technology companies including Citrix Systems, according to the security firm Resecurity International. Using a technique described in an alert issued by the Department of Homeland Security last year, the hackers guess the passwords for corporate email accounts, then steal data that they use to burrow further into corporate networks.

A Citrix spokesman confirmed that a single employee account was compromised in 2018 due to a weak password and that the hacker then used that access to obtain "an old version of a list containing Citrix employee work contact information."

The Citrix attack is worrying because the software maker builds widely used remote-access products that could be misused by hackers to gain unauthorized access to other corporate networks. Citrix says it has seen no evidence of any compromise beyond that single account. The company has also "not found any evidence of state-sponsored activity," the spokesman said in an email.

By Robert McMillan
