An Israeli cybersecurity company says Iranian threat actors are running a highly targeted cyber-espionage operation against global aerospace and telecommunications companies, stealing sensitive information from targets around Israel and the Middle East, as well as in the United States, Russia and Europe.
Cybereason identified a sophisticated new form of malware during an incident response call for one of its clients, said Assaf Dahan, head of the cyber-threat research group.
The campaign has been running since at least 2018, and has likely succeeded in gathering large amounts of data from carefully chosen targets, Dahan said.
“From the few traces left behind by the attackers, it is clear that they acted carefully and selected their victims thoroughly. This is a sophisticated Iranian attacker who acted professionally according to a considered and calculated strategy. The potential risk inherent in such an assault campaign is large and significant for the State of Israel and may pose a real threat.
“This was a very sophisticated operation that has all the hallmarks of a state-sponsored attack,” Dahan said. “While other Iranian groups are involved with more destructive acts, this one is focused on gathering information. The fact that they were able to stay under the radar for three years shows their level of sophistication. We assess that they have been able to exfiltrate large amounts of data over the years – gigabytes or even terabytes. We don’t know how many victims there were before 2018.”
Cybereason said it had updated affected organizations and relevant security officials on the attack, but the extent of the actual damage caused has not yet been clarified.