Several energy-sector organizations across Europe have recently been the targets of cyberattacks.
According to computer security researchers, the trail leads to Iran. According to the latest findings, these attacks appear to have been a reconnaissance mission: the hackers were likely interested in collecting sensitive information.
The computer security company Recorded Future discovered the hacking campaign as well as its source.
The malware used in the attack is called PupyRAT, an open source tool that can infect devices running Linux, OSX, Windows and even Android. Its main feature is to give hackers access to the targeted person's system and to let them acquire credentials such as usernames and passwords, along with other important information on networks. Experts managed to trace the activity back to the Iranian hackers even though the software used is open source. It is the preferred working tool of a group of hackers affiliated with the Iranian state and known as APT33.
These hackers are known in the cybersecurity world for having already launched several attacks in the same style on infrastructure located in Europe. Researchers from the computer security company detected traces of the malware, that is, of attacks, between November 2019 and January 2020. The attacks therefore cannot be linked to the recent geopolitical conflict triggered by the assassination of the Iranian general by the Americans, because they began well before it. While experts have struggled to determine how the malware was distributed to the various systems, infection through phishing seems the most likely hypothesis. This is because the hacker group implicated here (APT33) has already used this method to infect computer systems, taking advantage of victims' trust by sending documents via conventional messaging services.
According to Priscilla Moriuchi, an expert at the computer security company Recorded Future: "Based on our traffic-based assessment that we observed, this was probably a reconnaissance mission. (…) We believe that given the network activity we are observing, access to this type of sensitive information would be extremely valuable to adversaries." Once the attack was detected, computer security experts automatically notified all affected targets. Explaining the hackers' reconnaissance approach, Moriuchi points out: "To enable destructive operations or attacks, it takes months of recognition and understanding of the behavior of employees of these companies and how a certain capacity could have an impact on information or the distribution of energy resources (…) It is assumed that network attacks can be deactivated and activated, but this is generally not the case."