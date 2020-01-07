

Iran has built its own hacking and cyber-war skills over the past decade. However, the groups orchestrating Iran’s various cyber warfare and cyber espionage activities have also relied heavily on the work of others. In at least one case, they tried to bring in outside help for the purported purpose of training would-be hackers.

According to Chris Kubecka, a security researcher who played a prominent role in Saudi Aramco’s response to the Iranian-made Shamoon “wiper” malware, officials from the Telecommunication Company of Iran (TCI) emailed her on behalf of the Iranian government and tried to recruit her “to teach hacking in-country against critical infrastructure, with a focus on nuclear facilities,” she told Ars.

These efforts, which Kubecka briefly referred to in a presentation at AppSec California in 2018, spanned 2.5 years, during which Kubecka kept the FBI informed. “I collected evidence and communicated directly with them until the FBI intervened in January last year,” she said. “The last contact we had was that the Iranians wanted my home address to send me a gift.”

The TCI contact offered Kubecka “up to $100,000 a month” to come to Iran and teach an advanced course on industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems, Kubecka said. The trip was to include a planned “VVIP tour with pictures with their military,” Kubecka claimed. She showed some of the messages to Ars, including some of her communication with the FBI.

Iran’s access to US information-security tools and training is theoretically blocked by sanctions against the country, although there are certainly gaps that could be exploited to circumvent these barriers. And when Iran approached Kubecka, the United Nations’ sanctions had been partially lifted following the signing of the Joint Comprehensive Plan of Action (JCPA) in 2015 – although U.S. sanctions remained in place.

Although the Trump administration’s exit from the JCPA significantly hampered legitimate trade with Iran, the government can use proxies to acquire restricted technologies, including tools the TCI uses to censor Iran’s Internet and monitor Internet users. Meanwhile, Iran has built its own organic capabilities based on standard tools – some open source, others “cracked” commercial software – and on lessons learned from its campaigns in Saudi Arabia and other Gulf states, as well as against Western companies.

CISA has warned industry of Iran’s escalating activities, including potential new destructive attacks, and efforts to gain access and harvest account credentials have surged in recent months. In October and November 2019, the Iran-based threat group APT33 attacked hundreds of accounts across roughly 4,000 organizations, mainly in the industrial control sector.

In August and September 2019, another Iranian threat group (APT35) was observed making thousands of attempts to breach email accounts belonging to Trump’s presidential campaign organization. APT35 was also caught attempting to breach the email accounts of current and former US government officials, journalists, and Iranian expatriates.