Iranian Hacker Group Targets U.S. Government Employees

David A.
Published in MENASA
2 min read · Feb 6, 2020

Last Thursday, an Iranian government-backed hacker group named APT34 targeted U.S. Government employees in a spear-phishing attack. The group posed as Westat, a U.S. Government contractor tasked with collecting and analyzing various surveys for governmental and non-governmental clients. By using Excel spreadsheets that contained malicious code, the hackers would have been able to remotely access and compromise the data contained within a secure network.

The Iranian government has been known to target the government and business interests of its adversaries. Iran has launched cyber attacks against Israel, the United States, and Saudi Arabia. Iran has also been a target of cyber attacks from its adversaries, most notably the Stuxnet attack that damaged Iran’s nuclear program in 2010. As a regional power, Iran has been involved in numerous covert operations and proxy wars in an attempt to gain influence in the Middle East and further afield. In recent years, Iran has increasingly adopted a policy of subversion and disinformation over direct military action when pursuing strategic objectives. With Iran establishing the Cyber Defense Command in 2010, and the U.S. Army establishing the Cyber Operations Specialist role, it is clear that major regional powers are placing increased importance on cyber warfare and influence operations.

Cyberwarfare has changed the way propaganda and sabotage are carried out. Leaflets have been replaced with memes, and bombs have been replaced with infected spreadsheets. It can be an attractive choice for sabotage and intelligence collection. With cyber attacks, the human risk is often quite low or non-existent, as attacks are launched from different hemispheres than their targets. It also serves as a powerful way to influence large populations. With almost half the world’s population being exposed to social media, the reach for an influence campaign can be immense.

Intezer, the security researcher who discovered the attack, has notified Westat of the issue. Westat has responded that it is collaborating with Intezer to assess the damage. You can read more about Intezer’s report and the technical details of how the attack worked here.


David A., Editor for MENASA

I am an international affairs journalist and travel writer, with a focus on South Asia and the Middle East.