Iranian hackers behind mass cyber attack, says Microsoft

More than 200 companies were targeted around the world


Microsoft has linked Iranian hackers to cyber attacks that targeted thousands of people at more than 200 companies, including some in Saudi Arabia.

The Wall Street Journal on Wednesday reported that US-based Microsoft alleged that an Iranian hacking campaign stole corporate secrets and wiped data from company computers, in an operation that began two years ago.

The cyber attacks targeted makers of heavy machinery and oil-and-gas companies in several countries, including Saudi Arabia, Germany, the UK, India and the US, causing hundreds of millions of dollars in damages.

Microsoft attributed the attacks to a group it calls Holmium, which other security researchers call APT33, alleging it had detected Holmium targeting more than 2,200 people with phishing emails that can install malicious code.

Governments working with tech security firms have exposed Iran’s wide-scale cyber espionage operations as Tehran comes under increased scrutiny from Washington and partners.

In January, cyber-espionage analysts told The National that an Iranian group called APT39, which was mainly targeting the telecoms industry in the Middle East, had been exposed by the California-based cyber-security firm FireEye.

APT39 is different from other Iranian cyber espionage activities as its prime focus is on stealing personal information, in contrast with other Iranian groups that normally target traditional government and commercial information, said Benjamin Read, senior manager of cyber espionage analysis at FireEye.

Last year, government-backed Iranian hackers scrambled to break into the personal emails of US Treasury officials after harsh economic sanctions were reimposed on Tehran, a cyber-security group said.

The hacking group, nicknamed Charming Kitten, also took aim at foreign nuclear experts.

In another sign of how deeply cyber espionage is woven into the fabric of US-Iranian relations, nuclear deal defenders and detractors, Arab atomic scientists, Iranian civil society figures and Washington think-tank employees were on the hackers' hit list.

Cyber-security is a growing concern for Gulf countries and an increasingly large consideration in their defence budgets as they look to curb Iranian influence in the region.

In a survey released in Davos about the top risks for businesses in the next ten years, executives in the UAE focused on technology-related concerns, including cyber attacks, data fraud and the misuse of technology.

Around $600 billion (Dh2.2 trillion) is lost to cyber crime each year, according to the Centre for Strategic and International Studies.