Accenture reports that the attacks emerging from Iran, from both state-sponsored groups and hacktivists, have increased greatly in the first half of 2018 and that this trend is only likely to continue.
It is worth noting that many of the Iranian individuals or groups committing cyber attacks in Iran are not actually working alone. Many appear to be independent, but their actions can be traced back to the Iranian Regime through the method of attack and their targets. Independent hackers will try to extract money from targets, but will rarely attack government or military companies, as the penalties are not worth the risk.
Accenture researchers say that Iran’s attacks represent a “disruptive or destructive cyber threat against the United States, Europe, and the Middle East”, but they believe that these groups will turn their attention to other Middle Eastern nations.
Accenture has been tracking an Iranian group called Pipefish, which is active across the Middle East and seems to be targeting organizations for espionage in countries including Saudi Arabia, Qatar, and the United Arab Emirates. Pipefish is now able to remotely control victims' machines without the victims even noticing. The tools used by this group show that cyber attacks in Iran are advancing.
Iran’s weapon of choice is mobile malware, which is secretly downloaded onto a device through the use of dubious apps that are not verified by the main app stores. However, many Iranian hackers are constantly attempting to sneak their malicious code into legitimate apps that are verified.
Accenture believes that many Iranian hackers will now be focusing on the spread of custom ransomware that can infect devices, and of cryptocurrency miners, to earn extra money. The fear is that the money gained will be used to finance terrorism and warfare across the Middle East, which is where the vast majority of the Regime’s wealth goes.
The company said: “iDefense threat intelligence analysts predict that actors in Iran will continue to develop and deploy ransomware that they have repurposed from popular malware. State-sponsored organizations such as the Islamic Revolutionary Guard Corps (IRGC) Cyber Command could use such ransomware.”