Iranian hackers escalated attacks after Donald Trump withdrew from nuclear deal: Reports

September 19, 2018

Iranian hackers ramped up their attacks against targets in the U.S. and abroad within weeks of President Trump withdrawing from the Iranian nuclear deal, a cybersecurity firm said Tuesday.

Suspected state-sponsored hackers launched a campaign throughout the month of July targeting companies and organizations in the U.S., Japan and the Middle East, warned FireEye, a Silicon Valley-based security firm that has been monitoring the group’s activities for the last several years.

From July 2-29, researchers noticed a tenfold increase in the number of spear-phishing emails sent to its clients from the same hacking groups, a director for FireEye subsidiary Mandiant told journalists during an event in Dubai, according to media reports.

Known as APT33, the group’s efforts came on the heels of Mr. Trump withdrawing in May from the Iranian nuclear agreement reached by former President Barack Obama and moving toward reimposing previously lifted sanctions, noted Alister Shepherd, Middle East and Africa director for Mandiant.

“The motivation behind the operation is uncertain, but it’s possible that the attackers were using spear phishing to facilitate the theft of intellectual property or to subsequently cause disruption in retaliation to the sanctions,” Mr. Shepherd told The National, a private English-language newspaper published in Abu Dhabi.

“Whenever we see Iranian threat groups active in this region, particularly in line with geopolitical events, we have to be concerned they might either be engaged in or pre-positioning for a disruptive attack,” he told the AP.

Iran rejected the findings through its mission to the United Nations, calling them “categorically false,” The Associated Press reported.

“Iran’s cyber capabilities are purely defensive, and these claims made by private firms are a form of false advertising designed to attract clients,” the mission said in a statement. “They should not be taken at face value.”

Spear-phishing emails typically involve attempting to trick recipients into surrendering sensitive data or installing malware, and targets can become victims by entering their log-in credentials on compromised websites or becoming infected with viruses delivered through seemingly innocuous attachments and links.

The spear-phishing emails sent in July masqueraded as originating from a Middle Eastern oil and gas company and targeted recipients at companies involved in the oil and gas industry, utilities, insurance, manufacturing and education sectors, AP reported.

“It’s imperative for companies to ensure they are capable of quickly detecting and responding to these intrusion attempts,” Mr. Shepherd told The National.
