Zak Doffman posted: “Iran’s state-sponsored hackers have deployed a new strain of malicious malware, warns IBM, which has been aimed at the “industrial and energy sectors” in the Middle East.
No specific companies have been identified, but there’s no surprise in the nature of the attack. For Iran, its ongoing hybrid conflict with the U.S. and its allies has made these sectors a target. IBM has attributed the latest “destructive attacks” to Iran’s hyperactive APT34 “and at least one other group, [also] likely based out of Iran.”
APT34 has hit the headlines a few times this year, including a phishing attack using LinkedIn. But it’s the identity of that “one other group” that’s arguably more interesting. The sectoral targets and use of wiper malware point towards Iran’s APT33, arguably the best known of its threat actors. This is the group behind the Microsoft Outlook exploit in July, prompting a U.S. government warning, and which deployed its own VPN to veil “aggressive attacks” on U.S. and Middle East targets in the oil and gas sector.