Hackers working on behalf of the Iranian government have been targeting the aviation and petrochemical industries in the United States, Saudi Arabia, and South Korea since 2013, according to a report released by FireEye last week.
According to the report, APT33, a hacking group working for the Iranian government, have sent phishing emails to aviation industry employees that look like they are being recruited, and are designed to infect the employee’s computer. The emails look like they are coming from real companies associated with the airline industry. Once opened, the hackers were able to exfiltrate data and infect the company systems with malware that remained undetected for 4-6 months, all the while deleting files and wiping disks.
FireEye concludes that “the targeting of organizations in the aerospace and energy sectors indicates that the threat group is likely in search of strategic intelligence capable of benefiting a government or military sponsor.”