The Cipher Take

Our Daily Breakdown of Headlines Around the World

Headline: Iranian Hackers Target Global Aviation and Petrochemical Industries

A group of hackers thought to be working on behalf of the Iranian government, known as APT33, has been targeting aviation and petrochemical industries in Saudi Arabia, South Korea, and the United States, according to a new report released Wednesday by the cybersecurity firm FireEye. By mimicking emails from Boeing and other defense contractors, the hackers gained access to the networks, stole data and injected a new disk-wiping malware known as Shapeshifter.

The Cipher Take:

If the disk-wiping malware had been activated within the aviation and petrochemical industries, it could have been devastating to their operations and would have hidden any specifics of what the cyber espionage campaign was seeking to find. The attacks are reminiscent of the Shamoon attacks that hit Saudi Arabian oil giant Saudi Aramco in 2012 and resulted in the destruction of over 30,000 computers, as well as a second version of the Shamoon malware that struck Saudi government computers again in late 2016. Seven hackers working for Iranian government contractors ITSec Team and Mersad Co. were indicted in March by U.S. federal courts for the 2012 distributed denial of service (DDoS) attacks against Wall Street; the U.S. Treasury also enacted sanctions against them just last week. However, the hackers demonstrated poor operational security, leading some to believe Tehran’s hand in the operation was not meant to be secret and was perhaps intended as a provocation. The revelations of the cyber campaign emerged as U.S. President Donald Trump and Iranian President Hassan Rouhani combatively addressed the UN General Assembly. In his speech Tuesday, Trump described the Iranian nuclear deal as an “embarrassment” to the United States, to which Rouhani later responded by referring to him as a “rogue newcomer” to world politics.

