A security report from Microsoft detailed in the Wall Street Journal on Wednesday described a cyber-espionage campaign of previously unsuspected scope conducted by Iranian hackers over the past two years. The hackers attacked over 200 companies around the world, inflicting hundreds of millions of dollars in damage.
Microsoft security analysts traced the attacks to a hacking group called Holmium, also known as Advanced Persistent Threat 33 (APT33). The group became operational roughly six years ago, specializing in attacks far beyond the Middle East, unlike other known Iranian threats that primarily target neighboring countries. Cybersecurity researchers have long believed APT33 works directly for the Iranian government.
As with previous cyber-espionage campaigns from APT33, the attacks chronicled by the Wall Street Journal focused on oil, gas, and construction companies, largely headquartered in the United States, Germany, the United Kingdom, India, and Saudi Arabia. The attackers stole some valuable information and wiped out other files, accounting for the huge damage assessment.
John Lambert, head of the Microsoft Threat Intelligence Center, described the intrusions as “destructive” and said they were “massively destabilizing events.”
Director of Intelligence Analysis John Hultquist of the security firm FireEye warned the Iranians are “sharpening their skills and moving up their capabilities.”
“When they turn their attention back to the United States, we may be surprised by how much more advanced they are,” Hultquist said.
The National added Microsoft’s report to a list of other recent Iranian hacker exploits:
In January, cyber-espionage analysts told The National that an Iranian group called APT39, which was mainly targeting the telecoms industry in the Middle East, had been exposed by the California-based cyber-security firm FireEye.
APT39 is different from other Iranian cyber espionage activities as its prime focus is on stealing personal information, in contrast with other Iranian groups that normally target traditional government and commercial information, said Benjamin Read, senior manager of cyber espionage analysis at FireEye.
Last year, government-backed Iranian hackers scrambled to break into the personal emails of US Treasury officials after harsh economic sanctions were reimposed on Tehran, a cyber-security group said.
The hacking group, nicknamed Charming Kitten, also took aim at foreign nuclear experts.
In another sign of how deeply cyber espionage is woven into the fabric of US-Iranian relations, nuclear deal defenders and detractors, Arab atomic scientists, Iranian civil society figures and Washington think-tank employees were on the hackers’ hit list.
The Associated Press on Thursday quoted the Iranian government denying involvement in the cyber-espionage campaign. A spokesman for the Iranian mission to the United Nations implied Microsoft, FireEye, and other security firms fabricated the APT33 threat as “essentially ads” for their protective services.