Report Says Iranian Hackers Targeting Israeli Defense Sector

Cybersecurity researchers identified a suspected Iranian espionage campaign targeting aerospace, aviation and defense industries across the Middle East, including in Israel and the United Arab Emirates.

See Also: User Entity & Behavior Analytics 101: Strategies to Detect Unusual Security Behaviors

Threat intelligence firm Mandiant published a report Tuesday night that links a threat actor tracked as UNC1549, allegedly associated with the Iranian Revolutionary Guard Corps, to a series of coordinated attacks targeting Middle East entities affiliated with the aerospace and defense sectors.

Ofir Rozmann, a senior researcher for Mandiant and a coauthor of the report, told Information Security Media Group that hackers “used decoys and lures” to gain initial access into targeted systems. They primarily used Microsoft Azure cloud infrastructure to communicate with their deployed back doors – a technique used to evade detection.

Tehran-affiliated hackers “are growing overtime in sophistication and conducting tailored cyberespionage and destructive campaigns,” Rozmann said. This campaign’s primary purpose appears to be espionage but may also support other…