Today, security researchers detailed Iranian cyber-espionage activity aimed at critical infrastructure in Kuwait and Saudi Arabia.
Bitdefender attributed the intelligence-gathering operation to the Chafer APT group, which is known for its attacks on the telecommunications and travel industries in the Middle East, where it collects personal information in line with Iran’s geopolitical interests. In a statement, the researchers said: “Victims of the attack fit into the actor’s preferred pattern, such as air transport and Middle East governments.”
Last year’s FireEye report added to the evidence that Chafer focuses on telecommunications and tourism. The company said: “Telecommunications companies are attractive targets because they store large amounts of customer and personal information, provide access to critical infrastructure used for communications, and enable access to a wide range of potential targets across various industries.”
APT39, FireEye’s designation for the group, compromises its targets with spear-phishing emails carrying malicious attachments, then uses various backdoor tools to escalate privileges, perform internal reconnaissance and establish persistence in the victim’s environment before acting against its targets.
Meanwhile, the attack on organizations in Saudi Arabia relied on social engineering to trick victims into running remote-access tools, some of which resemble those used in the Kuwait and Turkey campaigns.
The researchers said: “Although this attack was not as widespread as the one in Kuwait, some forensic evidence suggests that the same attacker may have planned it.”
“Despite evidence of network discovery, we could not find any traces of lateral movement, most likely because the threat actors could not find vulnerable machines.”
The attacks in Kuwait and Saudi Arabia are a reminder that Iranian cyber-espionage shows no sign of slowing down. Given the critical nature of the targeted industries, Chafer’s activity continues the group’s pattern of going after countries whose interests run counter to Iran’s national ambitions.
“While these two are the most recent examples of attacks happening in the Middle East, it is important to understand that this type of attack can happen anywhere in the world, and critical infrastructure such as government and air transportation remains a very sensitive target,” Bitdefender said.