Symantec warns of "heightened ambitions" of Iranian hackers targeting Middle East.

Posted on 07-Mar-2018 13:21:03

“Chafer’s recent activities indicate that the group remains highly active, is continuing to hone its tools and tactics, and has become more audacious in its choice of targets.”

A digital security specialist has raised concerns about the "heightened ambitions" of a cyberattack group from Iran which is threatening to resurface and pose a real risk to transport networks in the Middle East. The Iranian hacking group, Chafer, last year targeted a range of organisations in the region with the motive of gathering intelligence, using infected Microsoft Excel documents to gain unlawful access to “airlines and aircraft services”. The illegal group also attacked telecoms and travel reservation companies.

Symantec, the California-based software company, published on its website that Chafer has traditionally focused its attention on Jordan, Israel, the United Arab Emirates, Turkey and Saudi Arabia and has been active since at least July 2014. Since then the hacking group has employed new strategies, introducing seven new tools that have led to it infiltrating nine new organisations in the Middle East.

By exposing companies to a malicious file hidden in an Excel document, which installs three files on the computer and steals information from the compromised computer, Chafer reportedly accessed a telecoms company in the Middle East to facilitate surveillance of the company’s end-user customers and give the hackers a “vast pool” of new targets. It’s that approach that ultimately led Chafer to infiltrate an African airline, the details of which were harvested from the database of a travel reservations company.

Iran hackers are targeting the Middle East [Copyright Symantec]

Providing details on the seven new systems that Chafer is using, as well as malware the group is known to have already used, Symantec revealed that many of them are “freely available, off-the-shelf” tools that are then put to a malicious use.

  • Remcom: An open-source alternative to PsExec, which is a Microsoft Sysinternals tool used for executing processes on other systems.
  • Non-sucking Service Manager (NSSM): An open-source alternative to the Windows Service Manager which can be used to install and remove services and will restart services if they crash.
  • A custom screenshot and clipboard capture tool.
  • SMB hacking tools: Used in conjunction with other tools to traverse target networks. These tools include the EternalBlue exploit (which was previously used by WannaCry and Petya).
  • GNU HTTPTunnel: An open-source tool that can create a bidirectional HTTP tunnel on Linux computers, potentially allowing communication beyond a restrictive firewall.
  • UltraVNC: An open-source remote administration tool for Microsoft Windows.
  • NBTScan: A free tool for scanning IP networks for NetBIOS name information.

Symantec published on its website that Chafer was operating in an increasingly bold manner and warned companies to be on high alert. “Chafer’s recent activities indicate that the group remains highly active, is continuing to hone its tools and tactics, and has become more audacious in its choice of targets. Although a regional actor, the group has followed two trends seen globally among targeted attack groups.”


Topics: CyberSecurity

About the Author

Dave Songer