There are fears that a team of hackers from the Islamic Republic of Iran might have executed some of the most disturbing acts of digital sabotage in history. There are fears that they might have wiped entire computer systems in relentless hacking attacks all over the Middle East. As if that is not bad enough, there is also a fear that they might have hacked systems in the United States of America as well. As it stands, however, it looks like one of the most renowned hacking teams in Iran might be working on an entirely new set of targets.
It appears that instead of just targeting conventional information technology networks, they now want to focus on physical control systems. These include manufacturing, electrical systems, and petrochemical
As expected, the relevant stakeholders are not just watching with their arms folded. These are very credible threats and action has to be taken. This explains why, at the CyberwarCon meeting in Arlington, Virginia, experts discussed the way forward for identifying and neutralizing these threats from foreign hackers.
Ned Moran, a security expert with Microsoft, presented his latest research work at the event. The work was from the enterprise's threat intelligence group and it was productive. The work clearly showed that the Iranian hacker group APT33 is changing its focus. This group is also called Elfin, Refined Kitten or Holmium.
Microsoft made it clear that the hacker group had been engaging in several attacks that lasted years. One of these was the typical password-spraying attack. In this form of attack, the attackers attempt to use a few passwords but on countless accounts on thousands upon thousands of
This is considered to be a brute-force attack and is seen as crude even within the community of hackers. Over the past couple of months, Microsoft revealed that APT33 has remarkably reduced its password-spraying attacks. It is now down to about 2,000 organizations on a monthly basis. While it is cutting down on its password-spraying attacks, it is also increasing the number of accounts that are being attacked at every one of these organizations.
Microsoft has ranked these vulnerable enterprises by the number of accounts that the hackers have attempted to break into. According to Moran, approximately 50% of those in the top two dozen were suppliers, manufacturers, and maintainers that deal with industrial control system equipment. All in all, Microsoft stated that it has observed the hacker group focus on dozens of organizations in this niche. This is a trend that has been going on since at least the middle of October.
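The password-spraying pattern and the ranking of organizations by targeted accounts described above can both be looked for in authentication logs. The following is an added example, not code from Microsoft's research or from the original article; the event format, thresholds and function names are assumptions, and the log events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def sample_events():
    """Constructed login events: (time, source, org, account, success)."""
    t0 = datetime(2020, 1, 1, 9, 0)
    ev = []
    for i in range(30):  # spray: one guess per account, many accounts
        org = "org-a" if i < 20 else "org-b"
        ev.append((t0 + timedelta(seconds=40 * i), "198.51.100.7", org, f"user{i:02d}", False))
    for i in range(25):  # classic brute force: one account, many guesses
        ev.append((t0 + timedelta(seconds=5 * i), "203.0.113.9", "org-b", "admin", False))
    # benign: a user mistypes twice, then logs in on the third try
    ev += [(t0 + timedelta(minutes=m), "192.0.2.10", "org-a", "alice", m == 2) for m in range(3)]
    return ev

def find_spray_sources(events, window=timedelta(hours=1), min_accounts=15, max_tries=3):
    """Flag sources whose failures within one window hit many accounts, few times each.

    Returns {source: set of (org, account)}. Thresholds are assumed values to tune.
    """
    fails = defaultdict(list)
    for ts, src, org, acct, ok in sorted(events, key=lambda e: e[0]):
        if not ok:
            fails[src].append((ts, org, acct))
    flagged = {}
    for src, rows in fails.items():
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1  # slide the window forward
            tries = defaultdict(int)
            for _, org, acct in rows[start:end + 1]:
                tries[(org, acct)] += 1
            if len(tries) >= min_accounts and max(tries.values()) <= max_tries:
                flagged.setdefault(src, set()).update(tries)
    return flagged

def rank_orgs(flagged):
    """Rank organizations by distinct accounts targeted by flagged sources."""
    per_org = defaultdict(set)
    for targets in flagged.values():
        for org, acct in targets:
            per_org[org].add(acct)
    return sorted(((o, len(a)) for o, a in per_org.items()), key=lambda x: (-x[1], x[0]))

if __name__ == "__main__":
    for org, count in rank_orgs(find_spray_sources(sample_events())):
        print(org, count)
```

Keying on a single source is a simplification: spraying spread across many source addresses needs grouping on another attribute, such as the time pattern or client fingerprint.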
Neither the plan of the hackers nor the industrial control systems that they might have broken into is known at the moment. Moran is of the opinion that they are actually setting the stage for something greater. It is still all blurry now, but as the experts keep studying the situation, all will become much clearer in due course.