Iranian Hackers Moving Into Cyber Espionage, Security Company Says

Michael Hayden
Former National Security Agency and Central Intelligence Agency Director Michael Hayden shakes hands before the Reuters Cybersecurity Summit in Washington, May 12, 2014. Reuters

Iranian hackers are a growing threat to U.S. security as they transition from attacking U.S. companies’ websites to conducting spying activities, according to a report to be released Tuesday.

The Silicon Valley cybersecurity company FireEye Inc. (NASDAQ:FEYE) said an Iranian hacking group known as the Ajax Security Team has been identified as the first to make their own malicious software as part of a cyberespionage effort, Reuters reported.

The group has launched attack on both Iranians trying to get around the country’s Internet censors and U.S. defense companies. Iranian hackers in general have also been blamed for denial-of-service attacks that dealt blows to U.S. banks’ online operations in recent years.

Michael Hayden, former director of the CIA and the National Security Agency, said cyberwarfare gives countries with inferior military capabilities a way to disrupt another nation’s security without launching missiles or invading.

"I've grown to fear a nation state that would never go toe-to-toe with us in conventional combat that now suddenly finds they can arrest our attention with cyberattacks," Hayden said at Monday’s Reuters Cybersecurity Summit.

Groups like Ajax moved on from lower-level domestic attacks to foreign ones after the Stuxnet attack on Iran’s nuclear program in 2012. The Stuxnet virus was believed to be the work of the U.S. government. FireEye researcher Nart Villeneuve said that’s when Ajax decided to get more political in its cyberactivities.

"This is a good example of a phenomenon that we are going to increasingly see with hacker groups in Iran. If their objective is to attack enemies of the revolution and further the government's objectives, then engaging in cyberespionage is going to have more impact than website defacements," Villeneuve said.

While Iranian hackers are moving toward cyberespionage, there are no indications yet that they are launching Stuxnet-style attacks, Leonard Moodiwspaw, CEO of Maryland cybersecurity company KEYW Holding Corp. (NASDAQ: KEYW), said at the summit.

"They are more interested in IP and taking money than in shutting anybody down," he said.

Share this article

More News from IBT MEDIA