Are APT Campaigns Funded By Iran Intensifying?

Are APT Campaigns Funded By Iran Intensifying

There are two types of APT (Advanced Persistent Threats), the first one is self-funded by the cybercriminal organizations themselves, the other one being funded by state-actors. State-actors are representatives of nation-states, with the goals aligned with the states they are associated with. The publicly accessible Internet is not only the source of news, entertainment, communication tool, and business platform but for purposes that are in the gray area. One such thing is state-funded cyber espionage campaigns, the latest are involved in a recent campaign named MuddyWater leaks while another one tentatively known as Rana Institute.

The MuddyWater leak was claimed to be perpetrated by Green Leakers hacker team. They are selling their “stolen goods” in their dark web portals, they are very careful not to reveal the exact IP address of the hacked servers involved in the sale. This is to help prevent their true owners from knowing that their servers were part of their zombie network, hence the stolen account remains valid. “These documents contain lists of victims, cyber-attack strategies, alleged areas of access, a list of employees, and screenshots from internal websites relevant to espionage systems. The identity of the actor behind the leak is currently unknown, however based on the scope and the quality of the exposed documents and information, it appears that they are professional and highly capable. This leak will likely hamstring the groups’ operation in the near future,” explained ClearSky Security Researchers.

Meanwhile, the Rana Institute leak’s purpose is to practically expand the Iranian capabilities in cyber warfare, including malware development and growth of their cross-border cyber espionage capabilities. The goal is to protect the Iranian regime from external influencers and forces that may loosen the grip of its leaders to maintain power within the nation. Iran taps the graduates of their state colleges and universities in Tehran, making them consultants for Information Technology, a very well paid job in the country.

“The objective of this sub-group is hacking, developing malware and attack tools, establishing and maintaining foothold on compromised networks, etc. One other objective is using malwares to identify anyone who poses a threat to the regime such as riot leaders. The members of the group are experts in IT, encryptions algorithms, firmware, malware and virus development. Further, they are fluent in various foreign languages,” added ClearSky Security Researchers.

Members of the group are well trained in mobile technology, malware development, Linux administration, and MacOS operations. Candidates for inclusion to the group requires knowledge with web development technologies and related platforms such as SQL Server, Oracle, MySQL, NoSQL, Javascript, .NET, Ruby and Rails, Python, PHP, HTML5 and CSS.

Targeted Countries

  • Afghanistan
  • Africa
  • Australia
  • Azerbaijan
  • Bahrain
  • Colombia
  • Dubai
  • Egypt
  • Ethiopia
  • Fiji
  • Hong Kong
  • India
  • Indonesia
  • Iraq
  • Israel
  • Kenia
  • Kuwait
  • Kyrgyzstan
  • Lebanon
  • Malaysia
  • Mauritius
  • Morocco
  • New Zealand
  • Oman
  • Pakistan
  • Philippines
  • Qatar
  • South
  • Sri Lanka
  • Syria
  • Thailand
  • Turkey
  • UAE

“The identity of the actor behind the leak is currently unknown, however based on the scope and the quality of the exposed documents and information, it appears that they are professional and highly capable. This leak will likely hamstring the groups’ operation in the near future. Accordingly, in our assessment this will minimize the risk of potential attacks in the next few months and possibly even year,” concluded ClearSky Security Researchers.

Also Read:

APT32 Malware’s Use Of New Downloader Critical To Its Propagation Success

APT Actors Exploiting Global MSPs: DHS Security Alert

Julia Sowells924 Posts

Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.

0 Comments

Leave a Comment

Login

Welcome! Login in to your account

Remember me Lost your password?

Don't have account. Register

Lost Password
Register