FILE- In this Wednesday, Sept. 20, 2017 file photo, Stuart Davis, a director at one of FireEye's subsidiaries speaks to journalists about the techniques of Iranian hacking, in Dubai, United Arab Emirates. (AP Photo/Kamran Jebreili, File)
Government and defence sectors in the UAE and Saudi Arabia will be the main targets for Iran, security experts say. AP

Iran hackers ramping up attacks on Gulf energy firms

An Iranian hacker group has significantly stepped up its cyber espionage operations against GCC companies in the energy sector after US President Donald Trump withdrew from the nuclear deal and reimposed sanctions on Tehran’s economy, according to a new investigation.

Security firm FireEye released new research on Tuesday that showed how the hacker group APT33, widely believed to be linked to the Iranian regime, has targeted Middle Eastern companies as well as organisations from the United States and Japan across various sectors including utilities, insurance, manufacturing and education.

The hacker group sent spear phishing emails to its targets between July 2 and July 29. In the emails, the group disguised its messages as mail from a Middle Eastern oil and gas company, which was not identified by FireEye. Such emails seek to trick the recipient into clicking malicious links that transfers sensitive information to the hackers.


Read more:

Suspected Iranian hackers target Saudi, US and Korean industries

Iran-based hacker charged with trying to extort HBO

Iran's Zarif slams Twitter for 'influence op' crackdown


In response to a question from The National, the firm said "GCC states" were targeted by the group, but declined to be more specific.

“In July, we observed a significant increase in activity from this Iran-affiliated APT group,” Alister Shepherd, Middle East and Africa director for Mandiant, a consulting arm at FireEye, said on Tuesday.

He added that APT33's operation likely focused on the energy sector because Iran's own energy industry has been severely affected "by recent sanctions" reimposed after Mr Trump's withdrawal and the group may have been seeking to target its rivals' industries.

The American firm saw a ten-fold increase in the phishing emails “from a small number… to a large volume”. It said it expected the operations to continue, targeting the same sectors, as the sanctions continue to bite.

The security firm said it had a high degree of certainty that the hacker group was linked to Iran.

“We are confident in the Iranian government link, this is based on four years of tracking activity,” Mr Shepherd told reporters at a briefing in Dubai.

The timing of the group’s activities was one of the key indicators that they were based out of Iran. Its operatives primarily worked “Saturday through Wednesday…which fits with the Iranian week. When it happens consistently over time that’s a strong indicator,” the FireEye executive said.

The security firm also saw Farsi language used in some of the hacker group’s coding. It said the phishing was not a false flag operation, as the company’s tracking involved “actively watching the attacker come in and do their work”.

Earlier this year, the United States withdrew from the nuclear deal signed between Tehran and world powers in July 2015 that sought to limit Iran's nuclear programme in return for the lifting of crippling international sanctions. US President Donald Trump reimposed those sanctions in August, with a second raft of sanctions expected in November.

The US has threatened to impose secondary sanctions on any country doing business with Iran. The American measures are expected to severely impact Iran’s oil sector and its wider economy.

“The motivation behind the operation is uncertain, but it’s possible that the attackers were using spear phishing to facilitate the theft of intellectual property or to subsequently cause disruption in retaliation to the sanctions,” Mr Shepherd continued.

“It’s imperative for companies to ensure they are capable of quickly detecting and responding to these intrusion attempts.”

The hacker group was conducting similar cyber espionage operations before the 2015 nuclear deal. FireEye’s last report on APT33, released in September 2017, revealed the group had been carrying out cyber espionage operations since 2013. It had attacked organisations across multiple industries – from aviation to petrochemical production – in the United States, Saudi Arabia and South Korea.

It concluded that the targeting of a Saudi organisation using phishing emails was possibly a bid to gain insight into the workings of Iran’s regional rivals, specifically in the Arabian Gulf.

The security firm pointed to several trends that indicated the hacker group was linked to the Iranian regime. One of the actors attempting to spread APT33 malware was a prominent figure on Iranian hacktivist forums and had links to the Nasr Institute, widely believed to be Iran’s “cyber army” controlled by Tehran.

The group’s targeting of companies in the aerospace and energy industries align with Iranian state interests.

To carry out its operations, APT33 used hacker tools popular with other suspected Iranian threat groups and used Iranian hosting companies.

The evidence, the security firm said, points to the hacker group likely being based out of Iran and acting on the direction of the Iranian state. It said it was likely searching for strategic intelligence that could aid a government or military sponsor to enhance its decision-making or improve its own capabilities.

The latest report from FireEye comes after it released another body of evidence about Iranian state activities last month. It revealed the breadth of Iran’s disinformation efforts on social media, using fake accounts to promote the regime’s agenda and oppose Western policies it believes harms Iranian interests.

A tip-off from FireEye pushed Facebook, Google and Twitter into removing dozens of accounts suspected of links to the Iranian propaganda campaign.

Material spread by the accounts included cartoons of Saudi Crown Prince Mohammad Bin Salman, articles opposing US President Donald Trump, and others supportive of politicians seen as more favourable to Iranian policy, including British opposition leader Jeremy Corbyn.

RoboCop: Rogue City

Developer: Teyon
Publisher: Nacon
Console: PlayStation 5, Xbox Series X/S and PC
Rating: 3/5


2016 - Lewis Hamilton (Mercedes-GP)
2015 - Lewis Hamilton (Mercedes-GP)
2014 - Lewis Hamilton (Mercedes-GP)
2013 - Nico Rosberg (Mercedes-GP)
2012 - Mark Webber (Red Bull Racing)
2011 - Fernando Alonso (Ferrari)
2010 - Mark Webber (Red Bull Racing)
2009 - Sebastian Vettel (Red Bull Racing)
2008 - Lewis Hamilton (McLaren)
2007 - Kimi Raikkonen (Ferrari)

UAE currency: the story behind the money in your pockets

Company name: Klipit

Started: 2022

Founders: Venkat Reddy, Mohammed Al Bulooki, Bilal Merchant, Asif Ahmed, Ovais Merchant

Based: Dubai, UAE

Industry: Digital receipts, finance, blockchain

Funding: $4 million

Investors: Privately/self-funded


Engine: Two-litre four-cylinder turbo
Power: 235hp
Torque: 350Nm
Transmission: Nine-speed automatic
Price: From Dh167,500 ($45,000)
On sale: Now

Most ODI hundreds

49 - Sachin Tendulkar, India
47 - Virat Kohli, India
31 - Rohit Sharma, India
30 - Ricky Ponting, Australia/ICC
28 - Sanath Jayasuriya, Sri Lanka/Asia
27 - Hashim Amla, South Africa
25 - AB de Villiers, South Africa/Africa
25 - Chris Gayle, West Indies/ICC
25 - Kumar Sangakkara, Sri Lanka/ICC/Asia
22 - Sourav Ganguly, India/Asia
22 - Tillakaratne Dilshan, Sri Lanka

Company Profile

Company name: Hoopla
Date started: March 2023
Founder: Jacqueline Perrottet
Based: Dubai
Number of staff: 10
Investment stage: Pre-seed
Investment required: $500,000


Name: Xpanceo

Started: 2018

Founders: Roman Axelrod, Valentyn Volkov

Based: Dubai, UAE

Industry: Smart contact lenses, augmented/virtual reality

Funding: $40 million

Investor: Opportunity Venture (Asia)

Signs of heat stroke
  • The loss of sodium chloride in our sweat can lead to confusion and an altered mental status and slurred speech
  • Body temperature above 39°C
  • Hot, dry and red or damp skin can indicate heatstroke
  • A faster pulse than usual
  • Dizziness, nausea and headaches are also signs of overheating
  • In extreme cases, victims can lose consciousness and require immediate medical attention
How to avoid getting scammed
  • Never click on links provided via app or SMS, even if they seem to come from authorised senders at first glance
  • Always double-check the authenticity of websites
  • Enable Two-Factor Authentication (2FA) for all your working and personal services
  • Only use official links published by the respective entity
  • Double-check the web addresses to reduce exposure to fake sites created with domain names containing spelling errors
Dengue fever symptoms
  • High fever
  • Intense pain behind your eyes
  • Severe headache
  • Muscle and joint pains
  • Nausea
  • Vomiting
  • Swollen glands
  • Rash

If symptoms occur, they usually last for two-seven days

The specs

Engine: 6-cylinder, 4.8-litre
Transmission: 5-speed automatic and manual
Power: 280 brake horsepower
Torque: 451Nm
Price: from Dh153,00
On sale: now

The specs

Engine: 2-litre 4-cylinder mild hybrid
Transmission: 7-speed S tronic
Power: 265hp / 195kW
Torque: 370Nm
Price: from Dh260,000
On sale: now

Our family matters legal consultant

Name: Hassan Mohsen Elhais

Position: legal consultant with Al Rowaad Advocates and Legal Consultants.

The specs

Engine: Dual synchronous electric motors
Power: 646hp
Torque: 830Nm
Transmission: Two-speed auto (rear axle); single-speed auto (front)
Price: From Dh552,311; Dh660,408 (as tested)
On sale: now


Sept 15: Bangladesh v Sri Lanka (Dubai)

Sept 16: Pakistan v Qualifier (Dubai)

Sept 17: Sri Lanka v Afghanistan (Abu Dhabi)

Sept 18: India v Qualifier (Dubai)

Sept 19: India v Pakistan (Dubai)

Sept 20: Bangladesh v Afghanistan (Abu Dhabi) Super Four

Sept 21: Group A Winner v Group B Runner-up (Dubai) 

Sept 21: Group B Winner v Group A Runner-up (Abu Dhabi)

Sept 23: Group A Winner v Group A Runner-up (Dubai)

Sept 23: Group B Winner v Group B Runner-up (Abu Dhabi)

Sept 25: Group A Winner v Group B Winner (Dubai)

Sept 26: Group A Runner-up v Group B Runner-up (Abu Dhabi)

Sept 28: Final (Dubai)

On the menu

First course

▶ Emirati sea bass tartare Yuzu and labneh mayo, avocado, green herbs, fermented tomato water  

▶ The Tale of the Oyster Oyster tartare, Bahraini gum berry pickle

Second course

▶ Local mackerel Sourdough crouton, baharat oil, red radish, zaatar mayo

▶ One Flew Over the Cuckoo’s Nest Quail, smoked freekeh, cinnamon cocoa

Third course

▶ Bahraini bouillabaisse Venus clams, local prawns, fishfarm seabream, farro

▶ Lamb 2 ways Braised lamb, crispy lamb chop, bulgur, physalis


▶ Lumi Black lemon ice cream, pistachio, pomegranate

▶ Black chocolate bar Dark chocolate, dates, caramel, camel milk ice cream

We Weren’t Supposed to Survive But We Did

We weren’t supposed to survive but we did.      
We weren’t supposed to remember but we did.              
We weren’t supposed to write but we did.  
We weren’t supposed to fight but we did.              
We weren’t supposed to organise but we did.
We weren’t supposed to rap but we did.        
We weren’t supposed to find allies but we did.
We weren’t supposed to grow communities but we did.        
We weren’t supposed to return but WE ARE.
Amira Sakalla

The Roundup

Director: Lee Sang-yong
Stars: Ma Dong-seok, Sukku Son, Choi Gwi-hwa
Rating: 4/5

What went into the film

25 visual effects (VFX) studios

2,150 VFX shots in a film with 2,500 shots

1,000 VFX artists

3,000 technicians

10 Concept artists, 25 3D designers

New sound technology, named 4D SRL


Most Read
Top Videos