APT39: An Iranian cyber espionage group targeting the Middle East
Today, FireEye revealed a new Iranian cyber espionage group, which it calls APT39, that targets the telecommunications, travel, and high-tech industries in the Middle East. Other regions targeted include the U.S., South Korea and Spain.
The activity of APT39 (APT stands for Advanced Persistent Threat) further showcases Iran’s potential global operational reach and how it uses cyber operations as a low-cost and effective tool to facilitate the collection of key data on perceived national security threats and to gain advantages against regional and global rivals. FireEye believes APT39 operations are conducted in support of Iranian national interests, based on regional targeting patterns focused on the Middle East, infrastructure, timing, and similarities to APT34, a group that loosely aligns with activity publicly reported as “OilRig”.
Earlier this month, FireEye’s Mandiant Incident Response and Intelligence teams identified a wave of DNS hijacking that had affected dozens of domains belonging to government, telecommunications and internet infrastructure entities across the Middle East and North Africa, Europe and North America.
Benjamin Read, Senior Manager of Cyber Espionage Analysis, FireEye, said: “APT39 marks the fourth Iranian cyber threat actor FireEye has elevated to the designation Advanced Persistent Threat. APT39 is set apart from other Iranian cyber espionage activity by the group’s focus on stealing personal information; in contrast, other Iranian groups generally target traditional government and commercial information and support disruptive attacks. APT39’s focus on personal information likely supports the planning, monitoring, and tracking of intelligence operations that serve Iran’s national priorities.”