Iran has significantly stepped up efforts to launch cyber attacks and hack into the critical systems of multiple Middle East governments, including those of Israel, Saudi Arabia, Yemen, and a host of other nations, according to a new report by a leading Israeli cyber security firm.
Iran’s cyber operations have become increasingly sophisticated over the past year, with the Islamic Republic aiming to obtain state secrets and penetrate sensitive online systems of various governments, according to a new report by ClearSky Cyber Security.
Iran has been suspected for some time of sponsoring cyber espionage attacks, with the majority being launched against Saudi Arabia and Israel.
Senior U.S. officials hinted at Iran’s growing spying operations in February, when they confirmed that Iran was behind a major hack attack on casino magnate Sheldon Adelson’s Sands Corporation.
After tracing Iran’s efforts for about a year, ClearSky discovered evidence that the Islamic Republic has gone after some 550 targets across the region and elsewhere in the world.
"We have learned of 550 targets, most of them in the Middle East, from various fields: research about diplomacy, Middle East and Iran, international relations, and other fields; Defense and security; Journalism and human rights; and more," the report states.
These efforts include attempting to gain entrance to computer systems and email accounts associated with various targets.
"The campaign includes several different attacks with the aim of taking over the target’s computer or gaining access to their email account," according to the report. "We estimate that this access is used for espionage or other nation-state interests, and not for monetary gain or hacktivism."
"In some cases, the victim is not the final target; the attackers use the infected computer, email, or stolen credentials as a platform to further attack their intended target," it states.
Iran is primarily focused on Israel and Saudi Arabia, but also has targeted at least 16 other countries, according to a breakdown of the attacks.
These Iranian hackers have been "very successful in their attacks," but due to a lack of sophistication have left traces of their presence that ClearSky was able to track.
"Various characteristics of the attacks and their targets bring us to the conclusion that the threat actors are Iranian," the firm concludes. "In addition, we note that these attacks share characteristics with previously documented activities."
These include attacks using malware, which infects a target’s computer system.
The Islamic Republic has used a series of well-known tactics to break into computer systems of governments and researchers, including Israeli ones.
The tactics include a method known as "spear phishing," in which the attacker pretends to be an associate and weaponizes an email with malicious files.
The attackers have also impersonated individuals on the phone in order "to build rapport for one of the phishing emails," according to the report.
They also have used Facebook messages in order to obtain personal information.
The report includes pictures of various emails believed to be sent by Iranian hackers.
"Several characteristics of the attacks have led us to the conclusion that an Iranian threat actor is the likely culprit," ClearSky concludes.
"The context of the attacks and cover stories all revolve around Iran. Importantly, as determined by several professionals—the attackers speak and write in native Iranian Persian and make mistakes characteristic of Persian speakers," the report states. "In one of the hacked accounts, when retrieved, the interface language had been changed to Persian."
According to the report, "the targets and victims match the interests of Iran."
Internet addresses and other information associated with the hack attacks also link back to Iranian actors, the report claims.