Iranian hackers working under the auspices of the regime in Tehran have compromised computers of Israeli security companies and academics with the purpose of stealing sensitive data, says a report released in June by Israeli cyber security firm ClearSky.
According to the report, the cyber attack started in July 2014 and is still ongoing.
ClearSky believes that an Iranian cyber group known as the Ajax Security Team, operating with the support of the regime in Tehran, is behind the attack.
“Several characteristics of the attacks have led us to the conclusion that an Iranian threat actor is the likely culprit. We assume, though do not have direct evidence, that it is being supported by the Iranian regime, or performed by the regime itself,” the report says.
The cyber attack, the report notes, involved efforts to hack computers of various organizations and individuals not only in Israel but also in Saudi Arabia, Yemen, Venezuela, the United States and other countries.
The hackers, ClearSky says, employed numerous methods to break into the computers of the victims. They posed, for example, as journalists and sent targets an email that included a request for an interview; attached to the email was a file with a hidden virus, which would infect the victim’s computer as soon as the file was downloaded.
Thereafter, the hackers were able to access emails accounts, take control of computers and steal information stored in them.
Other methods involved breaching trusted websites to set up fake pages, multi-stage malware, spear phishing emails, phone calls to the target and messages on social networks.
ClearSky identified attacks on 40 Israeli targets, including employees at security companies, high-ranking Israel Defense Forces reservists, and also academics involved research on the Middle East and Iran at universities around the country. ClearSky doesn’t name the security companies that were compromised, but notes that the attacks were successful in most instances.
“While very successful in their attacks, the attackers are clearly not technically sophisticated. They are not new to hacking, but do make various mistakes, such as grammatical errors, exposure of attack infrastructure, easy to bypass anti-analysis techniques, lack of code obfuscation, and more,” the report notes.