Iranian Hackers Have Russian Connection

Computer security is a constant concern of companies around the world. Last month, a military contractor’s network came under attack. The hackers were believed to be Iranians, and they continued to mount various digital attacks throughout a period of 18 days. While they did not gain access to the servers of the contractor, it is clear that their contacts in Russia were giving them a hand.

The help came in the form of a tool set that was developed by a known Russian hacker-for-hire and sold in an underground Russian forum. The tool had popped up in connection with an attack in Ukraine in 2015, when Russian hackers were successful in shutting down sections of the country's power grid.

“This is the very first time we’ve catalogued an attack where Iranian hackers are working with Russian hackers-for-hire,” said Carl Wright, an executive at TrapX. His company was the security firm that interdicted the hackers.

The intrusion represented a “historic” partnership between Iran’s hackers and Russians who are auctioning their skills and tools to anyone with the funds to hire them.

“Iranian hackers have dramatically increased their cyberweaponry and tactical proficiency as a result,” said Tom Kellermann, a computer security expert who was a member of the commission advising the Obama administration on online security.

While the security experts said it was possible the attackers faked the IP address in the attack, researchers noted that several web domains used in the attack were registered to a Russian alias and that three email addresses continue to be used by a hacker in the Russian hacking forums and underground web, pointing to more than just a casual relationship between the hackers. More than 70% of the code used during the attack was identical to their other attacks, but this Russian tool set was part of their latest efforts to reach the sensitive information on the network of the military contractor.

The Iranian hackers are well-known, and they have continued to move west, targeting military, financial, and energy companies in Europe and, recently, the United States. What is interesting is that while they aren’t as sophisticated as other hackers, the Iranians more than make up for that in determination.

The hackers were eventually caught, but it is clear that they are growing in their abilities and taking advantage of partnerships to increase their ability to access classified information in a variety of settings. As a result, there is greater concern that this group will continue to grow in their abilities and increase the number of attacks they initiate.