Global threat groups pose new political and economic dangers

by ethhack

While widely known advanced persistent threat (APT) groups emanating from Russia and China grab most of the spotlight, an array of other nation-state and adjacent threat actors are increasingly launching cyberattacks around the globe. At this year’s Cyberwarcon conference, nearly 20 of the world’s top cybersecurity researchers presented their thoughts on these less visible and complex groups, outlining their latest strategies and developments.

Iran’s APT33 gaining strength, global reach

Iran is rapidly emerging as one of the most destructive nation-state cyberwarfare actors, and the threat group known as APT33 is one of the country’s most malicious cyber actors. APT33 has targeted aerospace, defense, and energy organizations. For the most part, the group is regionally focused, targeting Saudi-owned and -operated entities, according to Saher Naumaan, a threat intelligence analyst at BAE Systems Applied Intelligence.

APT33, also called Refined Kitten, Magnallium, Holmium and Alibaba, has been around since 2014 and is best known for its data-wiping malware called Shamoon, which erased at least 30,000 computers belonging to Saudi Aramco in 2012. Since then, APT33 has been implicated in campaigns against industrial players in the Middle East and Europe.

However, in 2019, APT33 conducted a campaign that was “pretty narrow in scope and pretty targeted in a kind of a purpose-built set of domains and IP that they were using specifically for US political targets,” Naumaan said.

One of the most interesting aspects of APT33 is its timeline correlation with geopolitical events taking place in the Gulf of Oman, according to Naumaan. In May and June of 2019, in the aftermath of oil tankers targeted with explosive attacks in the Gulf, APT33 launched a series of spear-phishing campaigns to dovetail with those assaults.

Another aspect of APT33 is its rising level of power, given a series of reforms in the Iranian intelligence and security apparatus following the implementation of a maximum pressure campaign by the US against Iran. The reorganization saw the Iranian Revolutionary Guard Corps elevated in terms of rank and prestige, with more hawkish officials put into place.

Copyright © 2019 IDG Communications, Inc.
