Cybersecurity

Iranian hacking group appears to expand international operations

An Iranian hacking group has expanded its international operations and tool kit to carry out attacks, according to new research, a sign of its growing ambitions and capabilities.

Over the past year, the Iran-based hacker group dubbed “Chafer” has moved from focusing its surveillance operations on domestic targets to those located in other countries in the Middle East, according to new research published by Symantec.

Symantec first identified the group in 2015, though they believe Chafer’s activity dates back to at least July 2014.

{mosads}

“It shows that Chafer in the years of existence has expanded their own mandate,” Vikram Thakur, Symantec’s security response technical director, told The Hill. “We don’t think that Chafer is going to be ceasing their operations or attacks anytime soon.” 

Chafer has orchestrated attacks against organizations located Israel, Jordan, the United Arab Emirates, Saudi Arabia and Turkey. The group began using seven new tools and targeting nine new organizations in its operations in 2017, according to the research published late Tuesday. Symantec also said it observed evidence of the hackers attempting to attack an airline in Africa and an international travel reservations firm last year.

Chafer’s targets span a number of sectors, including aircraft services, IT companies, telecoms providers and engineering consultancies. 

While researchers have no definitive evidence linking the group to Iran’s government, Thakur observed that the information they are targeting in spy operations — such as airline manifests — would be more more valuable to the public sector than the private sector. 

“The information they’re seeking is more likely to be usable by the government,” Thakur said. “Whether they are working on behalf of the government or they’re doing it on their own accord with plans to sell the information to a third party, we have no idea.”

Symantec has not yet tracked Chafer operations against organizations in the United States, but Thakur said that the group could look to target organizations in western countries in the future. 

“That can change overnight,” he said. “Can they do this? Yes of course. Will they do it? It’s unknown. The driving factor behind such attacks is only unknown to us.” 

Researchers expect Chafer to increase its attack volumes and expand its list of victims in coming years, Thakur said.