iroon.com: Links: A Notorious Iranian Hacking Crew Is Targeting Industrial Control Systems

Wired:

Iranian hackers have carried out some of the most disruptive acts of digital sabotage of the last decade, wiping entire computer networks in waves of cyberattacks across the Middle East and occasionally even the US. But now one of Iran's most active hacker groups appears to have shifted focus. Rather than just standard IT networks, they're targeting the physical control systems used in electric utilities, manufacturing, and oil refineries.

At the CyberwarCon conference in Arlington, Virginia Thursday, Microsoft security researcher Ned Moran plans to present new findings from the company's threat intelligence group that show a shift in the activity of the Iranian hacker group APT33, also known by the names Holmium, Refined Kitten, or Elfin. Microsoft has watched the group carry out so-called "password spraying" attacks over the last year that try just a few common passwords across user accounts at tens of thousands of organizations. That's generally considered a crude and indiscriminate form of hacking. But over the last two months, Microsoft says APT33 has significantly narrowed its password-spraying to around two thousand organizations per month, while increasing the number of accounts targeted at each of those organizations almost tenfold on average.

Microsoft ranked those targets by the number of accounts hackers tried to crack; Moran says about half of the top 25 were manufacturers, suppliers, or maintainers of industrial control system equipment. In total, Microsoft says it has seen APT33 target dozens of those industrial equipment and software firms since mid-October.

The hackers' motivation—and which industrial control systems they've actually breached—remains unclear. Moran speculates that the group is seeking to gain a foothold to carry out cyberattacks with physically disruptive effects. "They're going after these producers and manufacturers of control systems, but I don’t think they’re the end targets," says Moran. "They‘re trying to find the downstream customer, to find out how they work and who uses them. They’re looking to inflict some pain on someone’s critical infrastructure that makes use of these control systems."

Go to link

Comments

Jahanshah 's Recent Links

Link

A Notorious Iranian Hacking Crew Is Targeting Industrial Control Systems

Comments

Jahanshah 's Recent Links

Iran International: Merchants Continue Strikes In Tehran And Other Iranian Cities

The New Yorker: Donald Trump Barely Pays Any Taxes: Will Anyone Care?

CPJ: Urging Iran to stop arresting journalists, release Kayvan Samimi

Lou Reed and David Bowie: Waiting for the Man

Naomi Klein: Jews Must Raise Voices for Palestine, Oppose "False Idol of Zionism"

Patrick Bet-David: Is Iran Close to Another Revolution?

Quote

About Us

Content

Account