Iranian Group Suspected Of Hacking Saudi Aviation & Petrochemical Industries
A new report by FireEye, a cybersecurity firm, claims that a group of hackers targeting the aviation and petrochemical industries in Saudi Arabia, the US and South Korea is suspected of working in Iran for its government. Stuart Davis, a director at one of FireEye’s subsidiaries, briefed journalists on the report in Dubai on September 20.
The report said the suspected Iranian hackers left behind a new type of malware that could have been used to destroy the computers it infected, similar to two other Iran-attributed cyberattacks targeting Saudi Arabia in 2012 and 2016 that destroyed systems.
FireEye said the hackers used phishing email attacks with fake job opportunities to gain access to the companies affected, faking domain names to make it look like the messages came from Boeing or other defence contractors.
The hackers remained inside the systems of those affected for “four to six months” at a time, able to steal data, and left behind the malware that FireEye refers to as Shapeshift. The code contains references in Farsi, the official language of Iran, FireEye said.
There is also evidence to link the attacks to the Nasr Institute, a suspected Iranian government hacking organisation.
Iran is believed to be behind the spread of Shamoon in 2012, which hit Saudi Aramco and Qatari natural gas producer RasGas. The virus deleted hard drives and then displayed a picture of a burning American flag on computer screens. Saudi Aramco ultimately shut down its network and destroyed over 30,000 computers.
A second version of Shamoon infected Saudi government computers in late 2016, with suspicion again falling on Iran.