An undetected hackers group from Iran is allegedly stealing travel and mobile data of individuals in the Middle East region, cybersecurity research firm FireEye claimed.
According to FireEye, the Iranian group dubbed APT39 has targeted a number of people in the Middle East, especially in the Gulf region. It’s believed that the espionage group is allegedly providing information to the Iranian government. The researchers at FireEye stated that they had been tracking APT39 activities since 2014 to protect organizations from cyber incidents.
The researchers said the group uses phishing emails that target specific people and include malicious attachments or links resulting in a POWBAT infection. FireEye also observed that the group uses Persian language words in encrypting data. APT39’s activities are reportedly focussed on the telecommunications sector, the travel, and IT industry, and allegedly represent Iran’s potential global operational reach and how it collects key data.
“In December 2018, FireEye identified APT39 as an Iranian cyber espionage group responsible for widespread theft of personal information. We have tracked activity linked to this group since November 2014 in order to protect organizations from APT39 activity to date. APT39’s focus on the widespread theft of personal information sets it apart from other Iranian groups FireEye tracks, which have been linked to influence operations, disruptive attacks, and other threats. APT39 likely focuses on personal information to support monitoring, tracking, or surveillance operations that serve Iran’s national priorities, or potentially to create additional accesses and vectors to facilitate future campaigns,” FireEye stated in a post.
“We believe APT39’s significant targeting of the telecommunications and travel industries reflects efforts to collect personal information on targets of interest and customer data for the purposes of surveillance to facilitate future operations,” FireEye added.
