Iran cited as growing threat in cybersecurity landscape

Accenture says that Iran is becoming a hotbed for cyberespionage.
Written by Charlie Osborne, Contributing Writer

North Korea, the US, Russia, and Africa are all associated with different forms of cyberattack.

The US first emerged on the scene as a place where state-sponsored groups were given the funds and resources to launch debilitating attacks through Stuxnet, a worm which -- while the US link remains unproven -- was utilized to attack centrifuge systems at an Iranian nuclear power facility.

Since then, the United States' National Security Agency (NSA) has had its cache of zero-day exploits and hacking tools stolen and released online.

North Korea is constantly assigned responsibility for attacks against South Korea and other countries, Russian malware operators are believed to be behind a slew of recent attacks against UK entities -- as well as online meddling with the US election -- and African countries have been connected to phishing and spam for years.

However, it seems that Iran is also keen to get in on the action.

In the Accenture Cyber Threatscape Report 2018, released on Tuesday, Iran is cited as an emerging player in the cyberattack space.

The cybersecurity firm's iDefense threat intelligence team says it has seen a "significant" uptick in not only cyberattacks but also cyberespionage campaigns launched by hackers in the country.

During the first half of 2018, Accenture says attacks emerging from Iran grew and this trend is likely to continue.

The researchers say that state-sponsored attacks, in particular, have increased -- and together with hacktivists in the country, they represent a "disruptive or destructive cyberthreat against the United States, Europe, and the Middle East."

However, Accenture believes that the focus of the groups will be on other Middle Eastern nations.

Mobile malware, including Android-based exploits and ransomware, is Iran's current "weapons of choice." Unofficial Android app marketplaces which are not verified by the Google Play app store are common targets for Iranian threat actors seeking to implant malware into mobile devices -- but these same groups are also constantly attempting to secrete malicious code into legitimate apps hosted by Google's official app store.

Accenture has also been tracking an Iranian group called Pipefish. These threat actors are active across the Middle East and appear to be targeting organizations in countries including Saudi Arabia, Qatar, and the United Arab Emirates for cyberespionage purposes.

Malware developed by the Iranian hacking group and analyzed by researchers shows that the toolset is advancing, as Pipefish is now able to use a cache of exploits to remotely execute commands on victim machines.

However, custom ransomware appears to be the tool of choice. Accenture believes that Iranian threat groups will focus on ransomware spread and infection, alongside cryptocurrency miners, for financial gain.

"iDefense threat intelligence analysts predict that actors in Iran will continue to develop and deploy ransomware that they have repurposed from popular malware," the company says. "State-sponsored organizations such as the Islamic Revolutionary Guard Corps (IRGC) Cyber Command could use such ransomware."

It has also been suggested that US President Trump's plan to re-impose sanctions on the country may prompt new growth in cyberattacks and surveillance campaigns.
