Iran’s APT33 sharpens focus on industrial control systems
Iran’s elite hacking group is upping its game, according to new evidence delivered at a cybersecurity conference this week. The country’s APT33 cyberattack unit is evolving from simply scrubbing data on its victims’ networks and now wants to take over its targets’ physical infrastructure by manipulating industrial control systems (ICS), say reports.
APT33, also known by the names Holmium, Refined Kitten, or Elfin, has focused heavily on destroying its victims’ data in the past. Now, though, the group has changed tack, according to Ned Moran, principal program manager at Microsoft, who spoke at the CYBERWARCON conference in Arlington, Virginia on Thursday. Moran, who is also a fellow with the University of Toronto’s Citizen Lab focusing on security and information technologies, works on identifying and disrupting state-sponsored attackers in the Middle East.
The APT33 group is closely associated with Shamoon malware that wipes data from its targets’ systems. Experts have also warned of other tools in the group’s arsenal, including a data destruction tool called StoneDrill and a piece of backdoor software called TURNEDUP.
Moran said that APT33 used to use ‘password spraying’ attacks, in which it would try a few common passwords on accounts across lots of organizations. More recently, though, it has refined its efforts, ‘sharpening the spear’ by attacking ten times as many accounts per organization while shrinking the number of organizations it targets. It has also focused heavily on ICS manufacturers, suppliers and maintainers, Moran said.
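For defenders, the pattern Moran describes (a few guesses against many accounts inside one organization) can be looked for in sign-in logs. The sketch below is an added example, not code from Microsoft or the original article; the log tuple format, thresholds, account names and documentation-range IP addresses are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def detect_spray(events, window=timedelta(hours=1), min_accounts=10, max_per_account=3):
    """Map each source to the most distinct accounts it failed against inside
    one window, keeping only sources that look like spraying."""
    failures = defaultdict(list)
    for ts, source, account, ok in events:
        if not ok:
            failures[source].append((ts, account))
    flagged = {}
    for source, rows in failures.items():
        rows.sort()
        start, counts = 0, defaultdict(int)   # counts: account -> failures in window
        for ts, account in rows:
            counts[account] += 1
            while ts - rows[start][0] > window:   # slide the window forward
                old = rows[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            # Spray shape: many accounts, few guesses each (brute force is the inverse).
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                flagged[source] = max(flagged.get(source, 0), len(counts))
    return flagged

def sample_events():
    """Constructed sign-in log: (timestamp, source, account, success)."""
    t0 = datetime(2019, 11, 21, 9, 0)
    ev = []
    for i in range(12):      # spray: 12 accounts, 2 guesses each, within ~25 minutes
        for p in range(2):
            ev.append((t0 + timedelta(minutes=2 * i, seconds=30 * p),
                       "198.51.100.7", f"user{i:02d}", False))
    for i in range(40):      # brute force against a single account
        ev.append((t0 + timedelta(seconds=5 * i), "203.0.113.9", "svc-backup", False))
    for i in range(10):      # slow spray: one account every two hours
        ev.append((t0 + timedelta(hours=2 * i), "192.0.2.99", f"eng{i:02d}", False))
    ev += [(t0, "192.0.2.15", "alice", False),
           (t0 + timedelta(seconds=20), "192.0.2.15", "alice", True)]
    return ev

if __name__ == "__main__":
    print(detect_spray(sample_events()))                              # 1-hour window
    print(detect_spray(sample_events(), window=timedelta(hours=24)))  # wider window
```

The slow source is missed by the one-hour window and only appears with the 24-hour one, which is why the window and account threshold need tuning against an organization's own baseline.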
Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/kTGBTd_US1E/