Security experts say that Iranian hackers have become increasingly aggressive and sophisticated as they entered cyber espionage.
Ajax Security Team, an iranian hacking group, is the first group which uses custom-built malicious software to launch espionage campaigns according to FireEye Inc (FEYE.O), a cybersecurity company from Silicon Valley.
According to FireEye’s report from Tuesday, Ajax are the ones behind the ongoing attacks on U.S defense companies and they have also targeted Iranians who are trying to avoid Tehran’s Internet censorship efforts.
Many security experts believe that Iran is to blame for a part of thedenial-of-service attacks that have interfered with the on-line banking operations of major U.S. banks, over the years.Michael Hayden, former director of the CIA and the National Security Agency declared during the Reuters Cybersecurity Summit that “I’ve grown to fear a nation state that would never go toe-to-toe with us in conventional combat that now suddenly finds they can arrest our attention with cyber attacks,”
Security experts state that after the Stuxnet attack on Tehran’s nuclear program in 2010, Iranian hackers accelerated their campaigns against foreign targets. The Stuxnet computer virus could be the cause for Iran climbing when it comes its own cyber programs.
Ajax Security began by defacing websites but after Stuxnet the group became increasingly political as FireEye researcher Nart Villeneuve reveals: “This is a good example of a phenomenon that we are going to increasingly see with hacker groups in Iran. If their objective is to attack enemies of the revolution and further the government’s objectives, then engaging in cyber espionage is going to have more impact than website defacements”.
During a recent campaign, as FireEye claims, the Ajax hackers infected computers of U.S. defense companies by sending emails and social media messages to participants of the IEEE Aerospace Conference and directed them to a fake website which was tainted with malicious software called aeroconf2014.org.
Unfortunately, the identity of the targeted companies was not mentioned by FireEye. Also, they couldn’t determine what data might have been stolen during this attack.
The malicious software used by hackers isknown as “Stealer” – this softwareseeks to collect data about compromised computers and record keystrokes, can also take screen shots and steal information from web browsers and email accounts.“Stealer” was designed to encryptthe data, temporarily store it on compromised machines and send it to the servers that are being controlled by the hackers.
Ajax used “Stealer” in a separate operation,focused on people who used software to avoid Iran’s system for censoring content, such as pornography and political opposition sites.
FireEye latest evidences suggest that Ajax acts independent of the Iranian government as they are involved in credit card fraud.
Leonard Moodispaw, the CEO of Cybersecurity firm KEYW Corp (KEYW.O), said that for the moment, Iranian hackers main focus is set on spying and stealing money but not launching Stuxnet-like destructive attacks: “They are more interested in IP and taking money than in shutting anybody down”.