DUBAI: A group of hackers suspected of working in Iran for its government is targeting the aviation and petrochemical industries in Saudi Arabia, the US and South Korea, a cybersecurity firm warned Wednesday.
The report by FireEye also said the suspected Iranian hackers left behind a new type of malware that could have been used to destroy the computers it infected, an echo of two other Iran-attributed cyberattacks targeting Saudi Arabia in 2012 and 2016 that destroyed systems.
Iran’s office at the United Nations did not immediately respond to a request for comment Wednesday and its state media did not report on the claims. However, suspected Iranian hackers long have operated without caring if people found it was them or if there would be consequences, making them incredibly dangerous, said Stuart Davis, a director at one of FireEye’s subsidiaries.
“Today, without any repercussions, a neighboring country can compromise and wipe out 20 institutions,” Davis said.
FireEye, which often works with governments and large corporations, refers to the group as APT33, an acronym for “advanced persistent threat.” APT33 used phishing e-mail attacks with fake job opportunities to gain access to the companies affected, faking domain names to make it look like the messages came from Boeing Co. or defense contractors.
The hackers remained inside of the systems of those affected for “four to six months” at a time, able to steal data and leaving behind the malware that FireEye refers to as Shapeshifter. The coding contains Farsi-language references, the official language of Iran, FireEye said.
Timestamps in the code also correspond to hackers working from Saturday to Wednesday, the Iranian workweek, Davis said. The programs used in the campaign are popular with Iranian coders, servers were registered via Iranian companies and one of the spies appears to have accidentally left his online handle, “xman_1365_x,” in part of the code.
That name “shows up all over Iranian hacker forums,” FireEye’s John Hultquist said. “I don’t think they’re worried about being caught. ... They just don’t feel like they have to bother.”
The Associated Press was able to find other clues pointing to an Iranian nexus. One of the e-mail addresses used to register a malicious server belongs to an Ali Mehrabian, who used the same address to create more than 120 Iranian websites over the past six years.
Neither Mehrabian, who listed himself as living in Tehran, nor “xman” returned e-mails seeking comment.
Iran developed its cyber capabilities in 2011 after the Stuxnet computer virus destroyed thousands of centrifuges involved in Iran’s contested nuclear program. Stuxnet is widely believed to be an American and Israeli creation.
Iran is believed to be behind the spread of Shamoon in 2012, which hit Saudi Arabian Oil Co. and Qatari natural gas producer RasGas. The virus deleted hard drives and then displayed a picture of a burning American flag on computer screens. Saudi Aramco ultimately shut down its network and destroyed over 30,000 computers.
A second version of Shamoon raced through Saudi government computers in late 2016, this time having the destroyed computers display a photograph of the body of 3-year-old Syrian boy Aylan Kurdi, who drowned fleeing his country’s civil war. Suspicion again fell on Iran.
FireEye’s report said it believed APT33 “is likely in search of strategic intelligence capable of benefiting a government or a military sponsor.”
High on the list of any potential suspects within Iran would be its paramilitary Revolutionary Guard. US prosecutors in March 2016 accused hackers associated to Guard-linked companies of attacking dozens of banks and a small dam near New York City. Hackers linked to the Guard also have been suspected of targeting the e-mail and social-media accounts of Obama administration officials.
___
Associated Press writer Raphael Satter in Paris contributed to this report.
Iranian hackers unleash malware against aviation, petrochem industries — cybersecurity firm
Iranian hackers unleash malware against aviation, petrochem industries — cybersecurity firm
Biden says Israel must allow aid to Palestinians ‘without delay’
“Israel must make sure all this aid reaches the Palestinians in Gaza without delay“
WASHINGTON: President Joe Biden on Wednesday demanded that new humanitarian aid be allowed to immediately reach Palestinians in the Gaza Strip as key US ally Israel fights Hamas there.
“We’re going to immediately secure that aid and surge it... including food, medical supplies, clean water,” Biden said after signing a massive military aid bill for Israel and Ukraine, which also included $1 billion in humanitarian aid for Gaza.
“Israel must make sure all this aid reaches the Palestinians in Gaza without delay,” he said.
US-Israel relations have been strained by Israel’s conduct of the war in Gaza and Israeli Prime Minister Benjamin Netanyahu’s plan to send troops into the southern Gazan city of Rafah, where 1.5 million people are sheltering, many in makeshift encampments.
“This bill significantly — significantly — increases humanitarian assistance we’re sending to the innocent people of Gaza who are suffering badly,” Biden said.
“They’re suffering the consequences of this war that Hamas started, and we’ve been working intently for months to get as much aid to Gaza as possible.”
Israel hits Lebanese border towns with 14 missiles
- Hezbollah targets Israeli settlements in retaliation for Hanin civilian deaths
- Hezbollah said it attacked the Shomera settlement with dozens of Katyusha rockets
BEIRUT: Clashes between Hezbollah and Israeli forces escalated sharply on Wednesday, the 200th day of conflict in southern Lebanon’s border area.
Israeli airstrikes created a ring of fire around Lebanese border towns, with at least 14 missiles hitting the area.
In the past two days, military activity in the border region has increased, with Hezbollah targeting areas in northern Acre for the first time in the conflict.
On Wednesday, Israeli strikes hit the outskirts of Aita Al-Shaab, Ramya, Jabal Balat, and Khallet Warda.
The Israeli military said it had destroyed a missile launching pad in Tair Harfa, and targeted Hezbollah infrastructure in Marqaba and Aita Al-Shaab.
Israeli artillery also struck areas of Kafar Shuba and Shehin “to eliminate a potential threat.”
Hezbollah also stepped up its operations, saying this was in retaliation for the “horrific massacre committed by the Israeli enemy in the town of Hanin, causing casualties and injuries among innocent civilians.”
A woman in her 50s and a 12-year-old girl, both members of the same family, were killed in the Israeli airstrike. Six other people were injured.
Hezbollah said it attacked the Shomera settlement with dozens of Katyusha rockets.
The group said it also targeted Israeli troops in Horsh Natawa, and struck the Al-Raheb site with artillery.
It also claimed to have killed and wounded Israeli soldiers in an attack on the Avivim settlement.
Israeli news outlets said that a rocket-propelled grenade hit a house in the settlement, setting the dwelling ablaze.
Hezbollah’s military media said that in the past 200 days of fighting with Israel, 1,998 operations had been carried out from Lebanon, Yemen and Iraq, including 1,637 staged by Hezbollah.
Egypt denies any discussions with Israel over Rafah offensive
- Egypt reiterates opposition to any move on Rafah
- Warnings tell of expected losses and negative repercussions
CAIRO: Egypt has denied any discussions with Israel regarding an offensive in the Palestinian city of Rafah in the southern Gaza Strip.
Diaa Rashwan, the head of Egypt’s State Information Service, has refuted what has been claimed in one of the major American newspapers: that Egypt has discussed with the Israeli side its plans for an offensive in Rafah.
Rashwan has affirmed the Egyptian stance — announced several times by its political leadership — of complete opposition to the operation, which it is thought will lead to further massacres, massive human losses, and widespread destruction.
He added that Egypt’s repeated warnings have reached the Israeli side, from all channels, since Israel proposed carrying out a military operation in Rafah. These warnings tell of expected losses and the negative repercussions on the stability of the entire region.
Rashwan added that while Israel is contemplating its operation — which Egypt and most of the world and its international institutions stand against — Egyptian efforts since the beginning of the Israeli aggression had focused on reaching a ceasefire agreement and the exchange of prisoners and detainees.
He said Egypt was seeking the entry of humanitarian aid into the Gaza Strip, especially the north and Gaza City, and the evacuation of wounded and sick people for treatment outside the area.
Egypt has repeatedly opposed the displacement of Palestinians from Gaza and is warning against any military operation in Rafah.
UAE announces $544m for repairs after record rains
- Wednesday's announcement comes more than a week after the unprecedented deluge lashed the desert country
- “The situation was unprecedented in its severity but we are a country that learns from every experience,” Sheikh Mohammed said
DUBAI: The United Arab Emirates announced $544 million to repair the homes of Emirati families on Wednesday after last week’s record rains caused widespread flooding and brought the Gulf state to a standstill.
“We learned great lessons in dealing with severe rains,” said Prime Minister Sheikh Mohammed bin Rashid Al-Maktoum after a cabinet meeting, adding that ministers approved “two billion dirhams to deal with damage to the homes of citizens.”
Wednesday’s announcement comes more than a week after the unprecedented deluge lashed the desert country, where it turned streets into rivers and hobbled Dubai airport, the world’s busiest for international passengers.
“A ministerial committee was assigned to follow up on this file... and disburse compensation in cooperation with the rest of the federal and local authorities,” said Sheikh Mohammed, who is also the ruler of Dubai, which was one of the worst hit of the UAE’s seven sheikhdoms.
The rainfall was the UAE’s heaviest since records began 75 years ago.
Cabinet ministers also formed a second committee to log infrastructure damage and propose solutions, Sheikh Mohammed said in a post on X, formerly Twitter.
“The situation was unprecedented in its severity but we are a country that learns from every experience,” he said.
The storm, which dumped up to two years’ worth of rain on the UAE, had subsided by last Wednesday.
But Dubai faced severe disruption for days later, with water-clogged roads and flooded homes.
Dubai airport canceled 2,155 flights, diverted 115 and did not return to full capacity until Tuesday.
Tunisia law professors call for release of detained opposition figures
- Since a flurry of arrests in February 2023, around 40 critics of President Kais Saied have been facing charges of “conspiracy against the state“
- Eight of the critics have been detained since, and have yet to see trial
TUNIS: More than 30 Tunisian law professors on Wednesday called for the release of several political opposition figures arrested last year, pointing out that the 14-month legal limit for pre-trial detention had passed.
Since a flurry of arrests in February 2023, around 40 critics of President Kais Saied have been facing charges of “conspiracy against the state.”
Eight of the critics have been detained since, and have yet to see trial.
They were expected to be released earlier this month after their detention was extended twice — four months each time — following an initial six-month stint, their lawyers said.
Yet all eight remain in detention after a court hearing on their case was put off until May 2.
This means they have been detained for more than 14 months without trial, which is the limit under Tunisian law.
“Keeping them in prison beyond the period of preventive detention is a violation (of Tunisian law),” read a statement signed by 33 law professors, including three deans.
The professors said the eight must be released, accusing the Tunisian authorities of putting them in what they called “forced detention.”
The country’s anti-terrorism court is investigating the political opponents for trying to “change the nature of the state” under Tunisia’s penal code.
In a letter addressed to President Saied last month, rights group Amnesty International called for the “immediate and unconditional” release of the detainees.
“I call on you to cease your targeted arrests of critics for the peaceful exercise of their rights to freedom of expression,” the letter read.
Saied, a former law professor, has ruled by decree since orchestrating a sweeping power grab in July 2021 in Tunisia, which saw the onset of what came to be known as the Arab Spring a decade earlier.
The eight detainees include former Islamist-inspired Ennahdha party figure Abdelhamid Jelassi, co-founder of the left-wing National Salvation Front coalition Jawhar Ben Mbarek and political activist Khayam Turki.
After the wave of arrests last year, the United Nations voiced alarm over “the deepening crackdown against perceived political opponents and civil society in Tunisia, including attacks on the independence of the judiciary.”
Critics have denounced Saied’s crackdown on opponents, accusing him of exploiting Tunisia’s judiciary as the country prepares for presidential elections set to take place later this year.
