BreachExchange mailing list archives

Cyber experts warn Iranian hackers becoming more aggressive


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 13 May 2014 19:03:37 -0600

http://www.gmanetwork.com/news/story/360825/scitech/technology/cyber-experts-warn-iranian-hackers-becoming-more-aggressive

Iranian hackers have become increasingly aggressive and sophisticated,
moving from disrupting and defacing U.S. websites to engaging in cyber
espionage, security experts say.

According to Silicon Valley-based cybersecurity company FireEye Inc, a
group called the Ajax Security Team has become the first Iranian hacking
group known to use custom-built malicious software to launch espionage
campaigns.

Ajax is behind an ongoing series of attacks on U.S. defense companies and
has also targeted Iranians who are trying to circumvent Tehran's Internet
censorship efforts, FireEye said in a report to be published on Tuesday.

Many security experts have said that Iran is behind a series of
denial-of-service attacks that have disrupted the online banking operations
of major U.S. banks over the past few years.

"I've grown to fear a nation state that would never go toe-to-toe with us
in conventional combat that now suddenly finds they can arrest our
attention with cyber attacks," Michael Hayden, former director of the CIA
and the National Security Agency, told the Reuters Cybersecurity Summit on
Monday.

Security experts say Iranian hackers stepped up their campaigns against
foreign targets in the wake of the Stuxnet attack on Tehran's nuclear
program in 2010. The Stuxnet computer virus is widely believed to have been
launched by the United States and prompted Iran to ramp up its own cyber
programs.

According to FireEye, the Ajax Security Team was formed by hackers known as
"HUrr!c4nE!" and "Cair3x," and began by defacing websites. The group became
increasingly political after Stuxnet, FireEye researcher Nart Villeneuve
said.

"This is a good example of a phenomenon that we are going to increasingly
see with hacker groups in Iran. If their objective is to attack enemies of
the revolution and further the government's objectives, then engaging in
cyber espionage is going to have more impact than website defacements," he
said.

In one recent campaign, the Ajax hackers infected computers of U.S. defense
companies by sending emails and social media messages to attendees of the
IEEE Aerospace Conference and directed them to a fake website called
aeroconf2014.org, which was tainted with malicious software, FireEye said.

FireEye declined to name the companies that were targeted and said that it
had not been able to determine what data might have been stolen.

The Ajax hackers used malicious software dubbed "Stealer" that sought to
collect data about compromised computers and record keystrokes, according
to FireEye. It could also grab screenshots and steal information from web
browsers and email accounts.

"Stealer" encrypted that data, temporarily stored it on compromised
machines, then sent it to servers controlled by the hackers.

Using "Stealer," Ajax ran a separate operation that targeted people who
were using software to try to circumvent Iran's system for censoring
content, such as pornography and political opposition sites, FireEye said.

Villeneuve said FireEye had also uncovered evidence that Ajax engaged in
credit card fraud, which suggests the hackers were not under the direct
control of the Iranian government.

Leonard Moodispaw, chief executive of cybersecurity firm KEYW Corp, said
that for now, Iranian hackers appeared to be increasingly spying and
stealing money but not launching Stuxnet-like destructive attacks.

"They are more interested in IP and taking money than in shutting anybody
down," Moodispaw told the Reuters summit. KEYW's biggest customers are U.S.
intelligence agencies.