Iran-sponsored hackers have targeted Israel, Saudis, Turkey since 2014

by Ken Dilanian
Image: Iran's national flag
U.S. intelligence officials have long considered Iran to be a highly capable adversary in cyberspace. Morteza Nikoubazl / Reuters file

WASHINGTON — Hackers linked to the Iranian government have conducted a long-term cyberespionage operation against government and industry in Israel, Kuwait, Lebanon, Qatar, Saudi Arabia, Turkey and the United Arab Emirates, according to FireEye, a cybersecurity firm.

In a new report, FireEye says the operation by the group it dubs APT34 is "largely focused on reconnaissance efforts to benefit Iranian nation-state interests and has been operational since at least 2014."

The mostly Middle Eastern targets include government agencies and private industries, including financial, energy, chemical and telecommunications sectors, the company says.

FireEye bases its assessment that APT34 works on behalf of the Iranian government on clues that include references to Iran, the use of Iranian infrastructure and targeting that aligns with Iran's interests.

The hackers sometimes breached networks through spearphishing, a technique designed to get users to open a file in email that secretly installs malware on their computer.

Image: Iranian President Rouhani Attends Gathering of IRGC Commanders
Iranian President Hassan Rouhani, left, attends the 21st Nationwide Assembly of the Islamic Revolution Guards Corps (IRGC) Commanders on Sept. 15, 2015 in Tehran. Anadolu Agency / Getty Images file

"APT34 is a proficient threat group that has proven particularly effective at leveraging spearphishing emails and social engineering to compromise target networks," said Nicholos Richard, principal threat intelligence analyst at FireEye. "The group has continually refined and enhanced its tactics, techniques and procedures to successfully target victims and once in a victim’s environment moves rapidly to dump credentials, establish persistence and conduct extensive reconnaissance to facilitate successive operations."

U.S. intelligence officials have long considered Iran to be a highly capable adversary in cyberspace. In 2013, hackers from Iran's Islamic Revolutionary Guards Corps infiltrated the computer controls of a small dam 25 miles north of New York City, according to American officials.
