This time the hackers were only conducting espionage, via job-recruiting links. But researchers worry the group dubbed APT33 has a capability to launch more destructive attacks.
Hackers likely sponsored by the Iranian government recently compromised a U.S. aerospace organization, according to a new report from cybersecurity firm FireEye. The hackers, whom FireEye dubs APT33, also targeted a selection of other energy and aviation bodies across Saudi Arabia and South Korea.
The attacks were espionage-driven and focused on stealing sensitive information, according to the report. But APT33 has links to a more destructive piece of malware that is designed to wipe computers, leading to concern that the group may turn to more aggressive tactics in the future.
According to the report, APT33 sent hundreds of phishing emails to targets in 2016 using a publicly available tool called ALFASHELL. The emails themselves passed convincingly as job-recruitment ads, referencing specific job opportunities and salaries, the report adds.
The hackers, however, included links to fake company websites, and registered a slew of domains designed to look like sites for companies including Boeing and Northrop Grumman Aviation Arabia. In its report, FireEye points out that several of these companies are involved in developing military and aviation products in Saudi Arabia.
These targets are in line with what a state-sponsored hacking group may be interested in pursuing.