US tech firm exposes Iranian cyber espionage group targeting Middle East

Group was after telecommunications, travel and high-tech industry data


An Iranian cyber espionage group called APT39, which was mainly targeting the telecommunications industry in the Middle East, has been exposed by California-based cybersecurity firm FireEye.

“APT39 marks the fourth Iranian cyber threat actor that FireEye has elevated to the designation Advanced Persistent Threat (APT),” said Benjamin Read, senior manager of cyber espionage analysis at FireEye.

An APT is a computer network attack in which an individual or a group gains unlawful access to a network and remains undetected for a long period.

APT39 is different from other Iranian cyber espionage activities as its prime focus is on stealing personal information, in contrast with other Iranian groups that normally target traditional government and commercial information, Mr Read said.

A survey by Kaspersky Lab, a Moscow-headquartered cybersecurity firm, which evaluated data collected from Middle East enterprises through the end of 2017, revealed that 73 per cent of successful breaches were achieved by penetrating vulnerable web-based applications.

Besides the Middle East, APT39 was also targeting the US, South Korea and Spain, and it was spying on other sectors such as travel and the high-tech industry. FireEye has been tracking APT39 since November 2014 but made it public on Tuesday after a series of tests and confirmations.

“APT39’s focus on personal information likely supports the planning, monitoring and tracking of intelligence operations that serve Iran’s national priorities,” stated Mr Read.

FireEye maintained that APT39 operations are conducted in support of Iranian national interests and that the group has similarities to APT34, another Iranian cyber espionage threat group that was unveiled in December 2017.

Telecommunications firms are attractive targets given that they store large amounts of personal and customer information, provide access to critical infrastructure used for communications and enable access to a wide range of potential targets across multiple verticals, stated a report that was issued by FireEye on APT39 on Tuesday.

“APT39's focus on the telecommunications and travel industries suggests its intent to collect proprietary or customer data for purposes that serve strategic requirements or create additional accesses and vectors to facilitate future campaigns,” added the report.