Posted on November 24, 2019 at 7:11 PM
There are fears that a team of hackers from the Islamic Republic of Iran might have executed some f the most disturbing acts of digital sabotage in history. There are fears that they might have cleared entire computer systems in relentless hacking attacks all over the Middle East.
As if that is not bad enough, there is also another fear that they might have also hacked systems in the United States of America as well. However, as it is now, it looks like one of the most renowned hacking teams in Iran might be working on a new set of targets entirely.
Industrial Systems Become Vulnerable
It appears that instead of just targeting conventional information technology networks, they now want to focus on physical control systems. These include manufacturing, electrical systems, and petrochemical systems.
As expected, the relevant stakeholders are not just watching with their arms folded. These are very credible threats and actions have to be taken. This explains why at the CyberwarCon meeting in Arlington, Virginia, experts discussed the ways forward concerning the identification and neutralization of these threats from foreign hackers.
Ned Moran is a security expert with Microsoft and at the event, he presented his latest research work. The work was from the enterprise’s threat intelligence group and it was productive. The work clearly showed that the Iranian hacker group APT33 is changing its focus. This group is also called Elfin, Refined Kitten or Holmium.
Microsoft made it clear that the hacker group was engaging in several attacks that lasted years. One of these was the typical password-spraying attack. In this form of attack, the attackers make attempt to use a few passwords but on countless accounts on thousands upon thousands of ventures.
This is considered to be a brute attack and is seen as raw even within the community of hackers. Over the past couple of months, Microsoft revealed that APT33 has remarkably reduced its password spraying attacks. It is now down to about 2,000 ventures on a monthly basis. While it is cutting down on its password spraying attacks, it is also increasing the rate of accounts that are being attacked at every one of these ventures.
Microsoft has positioned these vulnerable enterprises by the number of accounts that the hackers have attempted to break into. According to Moran, an approximate 50% of those at the top two dozen were suppliers, manufacturers, and maintainers that had transactions with industrial control system equipment. All in all, Microsoft stated that it has observed the hacker group focus on dozens of ventures in this niche. This is a trend that has been on since at least the middle of October.
The plan of the hackers or even the industrial control systems that they might have broken into is not known at the moment. Moran is of the opinion that they are actually preparing the stage for something greater. It is still all blurry now but as the experts keep studying the condition, all will become much clearer in due course.