Cyber-espionage is no longer hypothetical; it is happening now, and few have felt its claws more sharply than the major defense contractors to the US government. The culprit, according to a new report: a hacking group from Iran.
Security firm FireEye disclosed this week that a group calling itself the Ajax Security Team was behind a series of cyber-espionage operations against US defense vendors. The group reportedly paired a custom malware tool with social engineering, and its targets were not limited to users inside Iran but extended to companies in the United States.
Ajax Security Team was previously known as a group of political hacktivists, attacking organizations it regarded as ideological enemies and defacing government websites. Now the group has evolved.
Other hacking groups have followed the same path in the past couple of years: they started out as hacktivists and ended up attacking businesses and individual Internet users alike. The pattern is becoming common, and the hacker communities in Iran, Russia, China and elsewhere continue to grow.
Iranian hacking activity became markedly more visible after Stuxnet, the malware widely attributed to a joint US-Israeli program that sabotaged Iran's uranium-enrichment centrifuges; it is reported to have destroyed roughly one-fifth of the country's centrifuges.
Iranian hackers have since been blamed for the 2012 attack on Saudi Aramco, in which wiper malware (Shamoon) rendered tens of thousands of the oil company's workstations unusable.
As with most malware an ordinary user encounters on the Web, the attackers rely on luring the victim into downloading and installing the malicious program themselves. Once running with the victim's own privileges, the malware can harvest stored credentials and other personal data, potentially including email logins, bank account details and payment card data.
Ajax Security Team has reportedly used email campaigns, private messages on social media, fake login pages and bogus anti-censorship tools, the last of these actually engineered to track a victim's online activity before the attack proper.
In the defense-contractor case, the hackers set up a bogus registration page imitating the IEEE Aerospace conference website, on a look-alike domain name that made the phony login page appear authentic. Visitors were told they had to download proxy software in order to access the site and register. The download was in fact malware, and anyone who installed it was infected.
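The look-alike domain is the detectable part of this lure: the fake site had to live on a name that resembled the real one. The following is an added example, not code from FireEye's report or from the Ajax Security Team tooling, that flags such look-alikes in web-proxy logs by comparing each requested hostname against a short list of legitimate domains. The trusted-domain list, the log lines and every hostname in them are constructed for illustration (aeroconf.org is used as the stand-in for the genuine conference site; the imitation names are invented, not the ones from the real campaign), and the registrable-domain helper assumes no multi-label public suffixes such as co.uk appear in the logs.

```python
"""Flag look-alike domains in Squid-style web-proxy logs.

Added example for illustration only; not FireEye's or the attackers' code.
All hostnames, brands and log lines are constructed. Assumptions: the
trusted-domain list below stands in for a defender's own allow-list, and
registrable_domain() ignores multi-label public suffixes (a real deployment
would use the Public Suffix List).
"""
import re

# Hypothetical legitimate domains, mapped to the brand token users recognise.
TRUSTED_DOMAINS = {
    "aeroconf.org": "aeroconf",
    "ieee.org": "ieee",
    "example-defense.com": "example-defense",
}


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute); catches single-character typo-squats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Last two labels of the host (assumption: no co.uk-style suffixes)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def lookalike_reason(host: str, trusted=TRUSTED_DOMAINS):
    """Return (trusted_domain, reason) if host imitates a trusted domain, else None."""
    host = host.lower()
    if re.fullmatch(r"[\d.]+", host):
        return None  # bare IP address, nothing to compare against
    reg = registrable_domain(host)
    if reg in trusted:
        return None  # the genuine site or one of its subdomains
    second_level = reg.split(".")[0]
    for domain, brand in trusted.items():
        # 1. Brand token padded with extra characters: aeroconf-registration.org
        if brand in second_level and second_level != brand:
            return domain, "brand embedded with extra characters"
        # 2. Brand used as a subdomain of an unrelated domain: aeroconf.org.cdn-mirror.net
        if host.startswith(brand + ".") or ("." + brand + ".") in host:
            return domain, "brand used as subdomain"
        # 3. Near-miss spelling: aerocomf.org; stricter threshold for short brands
        max_edits = 1 if len(brand) < 6 else 2
        if abs(len(second_level) - len(brand)) <= 2 and levenshtein(second_level, brand) <= max_edits:
            return domain, "edit distance <= 2 from brand"
    return None


def flag_lookalikes(log_lines, trusted=TRUSTED_DOMAINS):
    """Scan Squid-style access-log lines; return (client_ip, host, trusted_domain, reason) hits."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 7:
            continue  # malformed or truncated line
        client_ip, url = parts[2], parts[6]
        m = re.match(r"https?://([^/:\s]+)", url)
        if not m:
            continue  # CONNECT tunnels and non-URL requests are not handled here
        verdict = lookalike_reason(m.group(1), trusted)
        if verdict:
            hits.append((client_ip, m.group(1)) + verdict)
    return hits


# Constructed sample log: one genuine visit, four imitations, one unrelated site.
SAMPLE_LOG = [
    "1399900000.123     45 10.0.0.5 TCP_MISS/200 2048 GET http://www.aeroconf.org/ - DIRECT/203.0.113.7 text/html",
    "1399900003.456    120 10.0.0.5 TCP_MISS/200 5120 GET http://aeroconf-registration.org/register.php - DIRECT/203.0.113.8 text/html",
    "1399900010.789     60 10.0.0.9 TCP_MISS/200 3072 GET http://login.ieee-aerospace-conf.com/signin - DIRECT/203.0.113.9 text/html",
    "1399900012.000     30 10.0.0.9 TCP_MISS/200 1024 GET http://aeroconf.org.cdn-mirror.net/proxy_setup.exe - DIRECT/203.0.113.10 application/octet-stream",
    "1399900020.000     30 10.0.0.12 TCP_MISS/200 1024 GET http://aerocomf.org/ - DIRECT/203.0.113.11 text/html",
    "1399900030.000     30 10.0.0.12 TCP_MISS/200 1024 GET http://www.example.com/ - DIRECT/203.0.113.12 text/html",
]

if __name__ == "__main__":
    for hit in flag_lookalikes(SAMPLE_LOG):
        print("client %s requested %s, imitates %s (%s)" % hit)
```

The three checks are deliberately simple string heuristics rather than a blocklist: a defender does not know the attacker's domain in advance, but does know which brands their users would trust enough to download "required" software from. In practice the brand list should be the organisation's own partners, conference sites and identity providers, and hits on a download of an executable (as in the fourth sample line) deserve the fastest triage.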