Cyber Security Firm Warns About Iran Hacking Threat

Iran Focus

London, 15 Dec - Two cyber security firms have warned the US against underestimating Iranian hackers in the wake of successful operations and advised that they need to be tracked more closely.

These hackers, who target enemies of Iran and promote the Regime’s political agenda, have become more advanced in their attacks, which led advanced-threat protection firms FireEye and ClearSky to warn that the Regime is fast turning into a cyber crimes giant.


In November, Iranian agents attacked Microsoft Office software in order to target a Middle Eastern government, according to FireEye. The suspects are an Iranian cyber-espionage threat group, known as APT34.

This group, better known as OilRig, has a history of operations that align with Iran’s political agenda, which means that they are likely working under direction from the Regime, and they conduct their attacks in a very different way.

Fred Plan, a senior analyst with FireEye, told eWEEK: “One thing that sets the Iranian cyber-espionage groups apart is they are not that reliant on technical solutions. They do not—like the Chinese and Russians—have a pile of zero days. They do a lot more basic social engineering.”

The problem is that the US is also dealing with cyber espionage from other states, like North Korea, China, and Russia, and doesn’t spend a lot of time on Iran’s operations. This needs to change.

Earlier this month, Israeli cyber-security consultancy ClearSky Cyber Security found that a lot of attacks against human rights activists and media organizations were conducted by Iranian hackers as well. Given the Regime’s relationship with journalists and human rights, it seems likely that they ordered these attacks too.

Plan said: “In the case of Iran, it is [similar] to China and Russia—there is a spectrum of activity and many different actor groups. Some are very closely tied to what the government is doing, while others are nationalistic actors that get together and have a particular set of skills.”

Although Plan wants to be cautious about this, from what we know about the Regime it is unlikely anyone would target enemies of the Regime without being told to.

APT34 has targeted the financial, government, energy, chemical and telecommunications industries in the Middle East, using a spearphishing campaign and the MS Office vulnerability to install malware.

Given their speed at exploiting vulnerabilities, it is hard to believe that they aren’t being funded and instructed by the mullahs.

