Symantec reveals undetected Iranian hackers targeting Middle East

by Staff writer, SF
The discovery of a previously undetected, highly active Iranian cyber espionage group, with an extensive target list that includes many large organizations and companies in the Middle East, has been reported by an American cyber security firm.

Symantec, which makes Norton antivirus software, uncovered the cyber espionage group’s existence. Symantec dubbed it “Leafminer”, and said that the group has been active since the beginning of 2017, but has “significantly ramped up its activities” this year, and is currently involved in dozens of ongoing attacks.

Symantec published a report on Wednesday, saying that its security experts obtained what appears to be Leafminer’s master list of targets. The list is written in Farsi and identifies more than 800 organizations. According to Symantec researchers, this is “an ambitious goal” for any cyber espionage group.

The organizations on the target list come from a variety of sectors: government, transportation, the financial sector, as well as energy and telecommunications. However, the majority of them appear to be in the petrochemical and government sectors. Leafminer’s targets are nearly all located in the Middle East and North Africa, in countries such as Israel, Egypt, Bahrain, Qatar, Kuwait and the United Arab Emirates. A few of the group’s targets are located in Afghanistan and Azerbaijan.

Symantec researchers observed the Leafminer hackers execute attacks in real time on at least 40 targets in the Middle East, including on the website of an intelligence agency in Lebanon. They say that Leafminer uses a variety of hacking tools, including custom-designed malware and some publicly available software. The group’s operational sophistication ranges from complex, multilayered attacks to brute-force login attempts.

Symantec said that the cyber espionage group is believed to originate in Iran because its master target list is written in Farsi and because Iran is the only country in the Middle East that is unnamed on the target list.

Still, there is not sufficient evidence to link Leafminer to the Iranian government.

In a separate development, Germany’s domestic intelligence agency, the Federal Office for the Protection of the Constitution (BfV), said this week in its annual report that the government of Iran has significantly expanded its cyber warfare capabilities and “poses a danger to German companies and research institutions.” The report went on to say that spying operations in Germany are run by the Iranian Ministry of Intelligence and National Security, which has gathered information about dissidents in Germany and other European countries.