Many in the cyber community predicted an increase in the Iranian Regime’s cyber warfare to coincide with the US withdrawal from the 2015 nuclear deal and reimposition of sanctions on Iran.

These experts were right and Iran’s cyber warfare activities have kicked into full force – not that they ever really ended in the first place – and the West has seen a wave of digital attacks that cyber security firms are attributing to Iranian state-sponsored hackers.

Eric Chien, a fellow in Symantec’s security technology and response division, said: “If you look at these groups, they’re not hacking for money, what they’re doing is very much nation state motivations. So if we continue to see some sort of geopolitical issues in the Middle East, you’re definitely going to see continued attacks. If those geopolitical issues start to get resolved, then you’ll see it go back to background noise. It’s very reactionary, and very much related to what’s going on in the geopolitical world.”

In fact, one of the things linking Iran to these attacks is the use of a modified version of the Shamoon virus, which was used to exfiltrate, wipe, and neuter servers and computers at Saudi Arabian state-backed oil company Saudi Aramco in 2012.

One victim of the recent attack is Italian oil company Saipem, a client of Saudi Aramco, but it is believed that two other gas and oil industry organizations in Saudi Arabia and the United Arab Emirates have also been targeted.

Cyber security company Crowdstrike said that these recent attacks capitalising on the flexibility of the virus actually strengthen the link to Iran.

Chien said: “For some groups, a lot of the evidence of a link to Iran looks at victim profiles and it’s basically every country in the Middle East except Iran. And definitely, Saudi Arabia seems to always be in that mix as a target. So that type of thing is not a hard link in itself. But if you just look at the Shamoon activity alone you could say Iranian hacking is up.”

Another Iranian hacking collective, called Charming Kitten by British security firm Certfa, has been in the news recently for targeted phishing campaigns against US Treasury officials, Washington DC think tanks, diplomatic groups, and others in order to gather login information.

In response, Crowdstrike said: “Iran has targeted the West before and will continue to do so. Certainly visibility into some of the groups that are responsible for enforcing sanctions against Iran, like the Treasury, that’s going to be within their interest and things that they would want to target.”

Source » ncr-iran