Cyber espionage group Elfin is targeting organisations across a diverse range of sectors in Saudi Arabia, the Arab world’s largest economy.
Elfin, commonly known as APT33, accounted for 41 per cent of attacks on Saudi Arabia detected since 2016, said American software firm Symantec. The kingdom is followed by the US (34 per cent), Belgium (5 per cent) and the UK and Jordan (4 per cent each).
“The group has remained highly active over the past three years, utilising a wide array of tools against its victims ranging from custom-built malware to off-the-shelf RATs,” said Sunil Varkey, chief technical officer, emerging markets, at Symantec.
A RAT (remote access Trojan) is malicious software that includes a "back door" allowing administrative control over a target computer.
Elfin has compromised a wide range of targets in the region, including government entities and businesses active in the fields of research, chemicals, engineering, manufacturing, consulting, finance and telecoms.
Although Symantec did not reveal the origin of Elfin, other independent researchers have confirmed Iranian cyber criminals are behind its operations.
Elfin has attacked at least 50 organisations in Saudi Arabia, the US and other countries in the past few years, said Mr Varkey, adding that it specialises in scanning for vulnerable websites to identify potential targets.
Cybersecurity is a significant concern for Arabian Gulf countries and a growing consideration in their defence budgets as they look to curb Iranian influence in the region.
In a report published last month, tech giant Microsoft linked Iranian hackers to cyber attacks that targeted thousands of people at more than 200 companies, including some in the kingdom.
Cybercrime cost about $600 billion (Dh2.2 trillion) globally in 2017, or 0.8 per cent of the world’s gross domestic product, according to a report by McAfee, a computer security software company, and the Centre for Strategic and International Studies based in Washington.
Iran has been accused of launching state-sponsored cyber espionage attacks against the Middle East in the past. In January cyber-espionage analysts told The National that an Iranian group called APT39, which was mainly targeting the telecoms industry in the Middle East, had been exposed by the US-based cyber-security firm FireEye.