Government and defence sectors in the UAE and Saudi Arabia will be the main targets for Iran, security experts say. AP

Iran hackers ramping up attacks on Gulf energy firms



An Iranian hacker group has significantly stepped up its cyber espionage operations against GCC companies in the energy sector after US President Donald Trump withdrew from the nuclear deal and reimposed sanctions on Tehran’s economy, according to a new investigation.

Security firm FireEye released new research on Tuesday that showed how the hacker group APT33, widely believed to be linked to the Iranian regime, has targeted Middle Eastern companies as well as organisations from the United States and Japan across various sectors including utilities, insurance, manufacturing and education.

The hacker group sent spear phishing emails to its targets between July 2 and July 29. In the emails, the group disguised its messages as mail from a Middle Eastern oil and gas company, which was not identified by FireEye. Such emails seek to trick the recipient into clicking malicious links that transfer sensitive information to the hackers.


In response to a question from The National, the firm said "GCC states" were targeted by the group, but declined to be more specific.

“In July, we observed a significant increase in activity from this Iran-affiliated APT group,” Alister Shepherd, Middle East and Africa director for Mandiant, a consulting arm at FireEye, said on Tuesday.

He added that APT33's operation likely focused on the energy sector because Iran's own energy industry has been severely affected "by recent sanctions" reimposed after Mr Trump's withdrawal and the group may have been seeking to target its rivals' industries.

The American firm saw a ten-fold increase in the phishing emails “from a small number… to a large volume”. It said it expected the operations to continue, targeting the same sectors, as the sanctions continue to bite.

The security firm said it had a high degree of certainty that the hacker group was linked to Iran.

“We are confident in the Iranian government link, this is based on four years of tracking activity,” Mr Shepherd told reporters at a briefing in Dubai.

The timing of the group’s activities was one of the key indicators that they were based out of Iran. Its operatives primarily worked “Saturday through Wednesday…which fits with the Iranian week. When it happens consistently over time that’s a strong indicator,” the FireEye executive said.
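The work-week indicator described above can be tested on activity timestamps. The following is an added example, not FireEye's code or method: it scores how well events fit three candidate work weeks and how consistently the best fit holds week over week. The event data is constructed, and the fixed UTC+03:30 offset and all function names are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Assumption: fixed UTC+03:30 offset for Iran Standard Time (ignores historical DST).
IRST = timezone(timedelta(hours=3, minutes=30))

# Candidate work weeks as sets of Python weekday numbers (Monday=0 ... Sunday=6).
WORK_WEEKS = {
    "Sat-Wed": {5, 6, 0, 1, 2},
    "Sun-Thu": {6, 0, 1, 2, 3},
    "Mon-Fri": {0, 1, 2, 3, 4},
}

def workweek_fit(utc_events, tz=IRST):
    """Return {pattern: share of events falling on that pattern's working days}."""
    days = Counter(e.astimezone(tz).weekday() for e in utc_events)
    total = sum(days.values())
    return {name: sum(days[d] for d in wd) / total for name, wd in WORK_WEEKS.items()}

def weekly_consistency(utc_events, pattern, tz=IRST):
    """Share of calendar weeks in which every event falls inside the pattern."""
    weeks = {}
    for e in utc_events:
        local = e.astimezone(tz)
        # Week key anchored on Saturday so a Sat-Wed week stays in one bucket.
        start = (local - timedelta(days=(local.weekday() - 5) % 7)).date()
        weeks.setdefault(start, []).append(local.weekday() in WORK_WEEKS[pattern])
    return sum(all(v) for v in weeks.values()) / len(weeks)

def build_sample():
    """Constructed data: four weeks of Saturday-to-Wednesday activity plus one Thursday outlier."""
    first_sat = datetime(2018, 7, 7, 6, 0, tzinfo=timezone.utc)  # 7 July 2018 was a Saturday
    events = [first_sat + timedelta(weeks=w, days=d, hours=h)
              for w in range(4) for d in range(5) for h in (0, 3)]
    events.append(first_sat + timedelta(days=5))  # Thursday of the first week
    return events

if __name__ == "__main__":
    sample = build_sample()
    fit = workweek_fit(sample)
    best = max(fit, key=fit.get)
    print(fit, best, weekly_consistency(sample, best))
```

A high aggregate fit with low weekly consistency would suggest a few busy weeks dominate the count, which is why the two measures are reported separately.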

The security firm also saw Farsi language used in some of the hacker group’s coding. It said the phishing was not a false flag operation, as the company’s tracking involved “actively watching the attacker come in and do their work”.

Earlier this year, the United States withdrew from the nuclear deal signed between Tehran and world powers in July 2015 that sought to limit Iran's nuclear programme in return for the lifting of crippling international sanctions. US President Donald Trump reimposed those sanctions in August, with a second raft of sanctions expected in November.

The US has threatened to impose secondary sanctions on any country doing business with Iran. The American measures are expected to severely impact Iran’s oil sector and its wider economy.

“The motivation behind the operation is uncertain, but it’s possible that the attackers were using spear phishing to facilitate the theft of intellectual property or to subsequently cause disruption in retaliation to the sanctions,” Mr Shepherd continued.

“It’s imperative for companies to ensure they are capable of quickly detecting and responding to these intrusion attempts.”

The hacker group was conducting similar cyber espionage operations before the 2015 nuclear deal. FireEye’s last report on APT33, released in September 2017, revealed the group had been carrying out cyber espionage operations since 2013. It had attacked organisations across multiple industries – from aviation to petrochemical production – in the United States, Saudi Arabia and South Korea.

It concluded that the targeting of a Saudi organisation using phishing emails was possibly a bid to gain insight into the workings of Iran’s regional rivals, specifically in the Arabian Gulf.

The security firm pointed to several trends that indicated the hacker group was linked to the Iranian regime. One of the actors attempting to spread APT33 malware was a prominent figure on Iranian hacktivist forums and had links to the Nasr Institute, widely believed to be Iran’s “cyber army” controlled by Tehran.

The group’s targeting of companies in the aerospace and energy industries aligns with Iranian state interests.

To carry out its operations, APT33 used hacker tools popular with other suspected Iranian threat groups and used Iranian hosting companies.

The evidence, the security firm said, points to the hacker group likely being based out of Iran and acting on the direction of the Iranian state. It said it was likely searching for strategic intelligence that could aid a government or military sponsor to enhance its decision-making or improve its own capabilities.

The latest report from FireEye comes after it released another body of evidence about Iranian state activities last month. It revealed the breadth of Iran’s disinformation efforts on social media, using fake accounts to promote the regime’s agenda and oppose Western policies it believes harm Iranian interests.

A tip-off from FireEye pushed Facebook, Google and Twitter into removing dozens of accounts suspected of links to the Iranian propaganda campaign.

Material spread by the accounts included cartoons of Saudi Crown Prince Mohammad Bin Salman, articles opposing US President Donald Trump, and others supportive of politicians seen as more favourable to Iranian policy, including British opposition leader Jeremy Corbyn.
