Iranian hackers unleash malware against aviation, petrochem industries — cybersecurity firm

Stuart Davis, a director at one of FireEye's subsidiaries, speaks to journalists about the techniques of Iranian hacking on Wednesday, Sept. 20, 2017, in Dubai, United Arab Emirates. A new report by FireEye, a cybersecurity firm, warned that a suspected group of hackers in Iran are targeting the aviation and petrochemical industries in Saudi Arabia, the US and South Korea. (AP Photo/Kamran Jebreili)
Updated 20 September 2017

DUBAI: A group of hackers suspected of working in Iran for its government is targeting the aviation and petrochemical industries in Saudi Arabia, the US and South Korea, a cybersecurity firm warned Wednesday.
The report by FireEye also said the suspected Iranian hackers left behind a new type of malware that could have been used to destroy the computers it infected, an echo of two other Iran-attributed cyberattacks targeting Saudi Arabia in 2012 and 2016 that destroyed systems.
Iran’s office at the United Nations did not immediately respond to a request for comment Wednesday and its state media did not report on the claims. However, suspected Iranian hackers long have operated without caring if people found it was them or if there would be consequences, making them incredibly dangerous, said Stuart Davis, a director at one of FireEye’s subsidiaries.
“Today, without any repercussions, a neighboring country can compromise and wipe out 20 institutions,” Davis said.
FireEye, which often works with governments and large corporations, refers to the group as APT33, an acronym for “advanced persistent threat.” APT33 used phishing e-mail attacks with fake job opportunities to gain access to the companies affected, faking domain names to make it look like the messages came from Boeing Co. or defense contractors.
The hackers remained inside the systems of those affected for “four to six months” at a time, able to steal data, and left behind the malware that FireEye refers to as Shapeshifter. The code contains references in Farsi, the official language of Iran, FireEye said.
Timestamps in the code also correspond to hackers working from Saturday to Wednesday, the Iranian workweek, Davis said. The programs used in the campaign are popular with Iranian coders, servers were registered via Iranian companies and one of the spies appears to have accidentally left his online handle, “xman_1365_x,” in part of the code.
That name “shows up all over Iranian hacker forums,” FireEye’s John Hultquist said. “I don’t think they’re worried about being caught. ... They just don’t feel like they have to bother.”
The Associated Press was able to find other clues pointing to an Iranian nexus. One of the e-mail addresses used to register a malicious server belongs to an Ali Mehrabian, who used the same address to create more than 120 Iranian websites over the past six years.
Neither Mehrabian, who listed himself as living in Tehran, nor “xman” returned e-mails seeking comment.
Iran developed its cyber capabilities in 2011 after the Stuxnet computer virus destroyed thousands of centrifuges involved in Iran’s contested nuclear program. Stuxnet is widely believed to be an American and Israeli creation.
Iran is believed to be behind the spread of Shamoon in 2012, which hit Saudi Arabian Oil Co. and Qatari natural gas producer RasGas. The virus deleted hard drives and then displayed a picture of a burning American flag on computer screens. Saudi Aramco ultimately shut down its network and destroyed over 30,000 computers.
A second version of Shamoon raced through Saudi government computers in late 2016, this time having the destroyed computers display a photograph of the body of 3-year-old Syrian boy Aylan Kurdi, who drowned fleeing his country’s civil war. Suspicion again fell on Iran.
FireEye’s report said it believed APT33 “is likely in search of strategic intelligence capable of benefiting a government or a military sponsor.”
High on the list of any potential suspects within Iran would be its paramilitary Revolutionary Guard. US prosecutors in March 2016 accused hackers associated with Guard-linked companies of attacking dozens of banks and a small dam near New York City. Hackers linked to the Guard also have been suspected of targeting the e-mail and social-media accounts of Obama administration officials.
___
Associated Press writer Raphael Satter in Paris contributed to this report.


UN atomic watchdog chief due in Iran as concern grows over nuclear activity


  • Visit comes at a time of heightened regional tensions and with IAEA criticizing Iran for lack of cooperation on inspections and other outstanding issues

TEHRAN: UN atomic watchdog chief Rafael Grossi is set to arrive in Iran on Monday, where he is expected to speak at a conference and meet officials for talks on Tehran’s nuclear program.
The visit comes at a time of heightened regional tensions and with the International Atomic Energy Agency (IAEA) criticizing Iran for lack of cooperation on inspections and other outstanding issues.
Grossi, head of the IAEA, is expected to deliver a speech at Iran’s first International Conference on Nuclear Science and Technology.
The three-day event, which starts on Monday, is being held in Isfahan province, home to the Natanz uranium enrichment plant and where strikes attributed to Israel hit last month.
The IAEA and Iranian officials reported “no damage” to nuclear facilities after the reported attack on Isfahan, widely seen as Israel’s response to Iran’s first-ever direct attack on its arch foe days earlier, which itself was a retaliation for a deadly strike on Tehran’s Damascus consulate.
During his visit, Grossi is expected to meet with Iranian officials including the Islamic republic’s nuclear chief Mohammad Eslami.
On Wednesday Eslami, head of the Atomic Energy Organization of Iran, said he was “sure that these negotiations will further help clear ambiguities, and we will be able to strengthen our relations with the agency.”
Iran in recent years has deactivated IAEA monitoring devices at nuclear facilities and barred inspectors, according to the UN agency.
Grossi last visited Iran in March 2023 and met with top officials including President Ebrahim Raisi.
Iran has suspended its compliance with caps on nuclear activities set by a landmark 2015 deal with major powers after the United States in 2018 unilaterally withdrew from the agreement and reimposed sweeping sanctions.
Tensions between Iran and the IAEA have repeatedly flared since the deal fell apart, while EU-mediated efforts have so far failed both to bring Washington back on board and to get Tehran to again comply with the terms of the accord.
Last year, Iran slowed down the pace of its uranium enrichment, which was seen as a goodwill gesture while informal talks began with the United States.
But the Vienna-based UN nuclear agency said Iran accelerated the production of 60-percent enriched uranium in late 2023.
Enrichment levels of around 90 percent are required for military use.
Tehran has consistently denied any ambition to develop nuclear weapons, insisting that its atomic activities were entirely peaceful.
In February, the IAEA said in a confidential report seen by AFP that Iran’s estimated stockpile of enriched uranium had reached 27 times the limit set out in the 2015 accord.
On Sunday, the Iranian official news agency IRNA said Grossi’s visit provides “an opportunity for the two sides to share their concerns,” especially with regard to the IAEA’s inspectors.
Iran in September withdrew the accreditation of several inspectors, a move described at the time by the UN agency as “extreme and unjustified.”
Tehran, however, said its decision was a consequence of “political abuses” by the United States, France, Germany and Britain.
Eslami said the IAEA has “more than 130 inspectors” working in Iran, insisting Tehran remains committed to cooperating with the nuclear watchdog.


Lebanon’s Hezbollah says fired dozens of rockets at Israeli base


  • The Israeli army said its warplanes “struck a Hezbollah military structure... deep inside Lebanon,”

The Iran-backed Hezbollah group said it fired “dozens of Katyusha rockets” at an Israeli base in the occupied Golan Heights on Monday in retaliation for a strike in Lebanon’s east.
Earlier, Lebanese official media said three people had been wounded in an Israeli strike early Monday in the country’s east, with the Israeli army saying it had struck a Hezbollah “military compound.”
Hezbollah fighters launched “dozens of Katyusha rockets” targeting “the headquarters of the Golan Division... at Nafah base,” the group said in a statement, saying it was “in response to the enemy’s attack targeting the Bekaa region.”
Israel and Lebanon’s Hezbollah have exchanged regular cross-border fire since Palestinian militant group Hamas’s unprecedented October 7 attack on southern Israel sparked war in the Gaza Strip.
In recent weeks Hamas-ally Hezbollah has stepped up its attacks on northern Israel, and the Israeli military has struck deeper into Lebanese territory.
“Enemy warplanes launched a strike at around 1:30 am this morning on a factory in Sifri, wounding three civilians and destroying the building,” Lebanon’s official National News Agency said.
Sifri is located in Lebanon’s Bekaa Valley, near the city of Baalbek, around 80 kilometers from the Israel-Lebanon frontier.
The Israeli army said its warplanes “struck a Hezbollah military structure... deep inside Lebanon,” referring to the location as “Safri.”
Last month, a building in Sifri was targeted in an Israeli raid, according to a source close to Hezbollah, while the Israeli army said it had targeted Hezbollah sites in Lebanon’s east.
East Lebanon’s Baalbek area is a Hezbollah stronghold and has been repeatedly struck by Israel in recent weeks.
On Sunday official media in Lebanon said an Israeli strike on a southern village killed four family members, with Hezbollah announcing retaliatory fire by dozens of rockets toward Kiryat Shmona in northern Israel.
The intensifying exchanges have stoked fears of all-out conflict between Israel and Hezbollah, which went to war in 2006.
In Lebanon, at least 390 people have been killed in nearly seven months of cross-border violence, mostly militants but also more than 70 civilians, according to an AFP tally.
Israel says 11 soldiers and nine civilians have been killed on its side of the border.
Tens of thousands of people have been displaced on both sides.


Israel attacks Rafah after Hamas claims responsibility for deadly rocket attack

Updated 06 May 2024

  • Hamas claims attack on Kerem Shalom crossing into Gaza that Israel says killed three soldiers
  • Sunday's attack on the crossing came as hopes dimmed for ceasefire talks underway in Cairo

CAIRO: Three Israeli soldiers were killed in a rocket attack claimed by Hamas's armed wing near the southern Gaza Strip city of Rafah, where Palestinian health officials said at least 19 people were killed by Israeli fire on Sunday.
Hamas's armed wing claimed responsibility on Sunday for an attack on the Kerem Shalom crossing into Gaza that Israel said killed three of its soldiers.
Israel's military said 10 projectiles were launched from Rafah in southern Gaza towards the area of the crossing, which it said was now closed to aid trucks going into the coastal enclave. Other crossings remained open.
Hamas' armed wing said it fired rockets at an Israeli army base by the crossing, but did not confirm where it fired them from. Hamas media quoted a source close to the group as saying the commercial crossing was not the target.
More than a million Palestinians are sheltering in Rafah, near the border with Egypt.
Shortly after the Hamas attack, an Israeli airstrike hit a house in Rafah killing three people and wounding several others, Palestinian medics said.
The Israeli military confirmed the counter-strike, saying it struck the launcher from which the Hamas projectiles were fired, as well as a nearby "military structure".
"The launches carried out by Hamas adjacent to the Rafah Crossing ... are a clear example of the terrorist organisation's systematic exploitation of humanitarian facilities and spaces, and their continued use of the Gazan civilian population as human shields," it said.
Hamas denies it uses civilians as human shields.
Just before midnight, an Israeli air strike killed nine Palestinians, including a baby, in another house in Rafah, Gaza health officials said. They said the new strike increased the death toll on Sunday to at least 19 people.
Israel has vowed to enter the southern Gaza city and flush out Hamas forces there, but has faced mounting pressure to hold fire as the operation could derail fragile humanitarian efforts in Gaza and endanger many more lives.
Sunday's attack on the crossing came as hopes dimmed for ceasefire talks under way in Cairo.
The war began after Hamas stunned Israel with a cross-border raid on Oct. 7 in which 1,200 people were killed and 252 hostages taken, according to Israeli tallies.
More than 34,600 Palestinians have been killed, 29 of them in the past 24 hours, and more than 77,000 have been wounded in Israel's assault, according to Gaza's health ministry.


Israel army says east Rafah evacuation a ‘limited scope operation’

Updated 06 May 2024

  • More than a million Palestinians are sheltering in Rafah, near the border with Egypt
  • Three Israeli soldiers earlier killed in a rocket attack claimed by Hamas armed wing

CAIRO/JERUSALEM: The Israeli army on Monday said its operation to begin evacuating residents of eastern Rafah in the Palestinian territory of Gaza was temporary and limited.

“This morning ... we began a limited scope operation to temporarily evacuate residents in the eastern part of Rafah,” a military spokesman told journalists in an online briefing. “This is a limited scope operation.”

According to a radio report, the evacuations were now focused on a few peripheral districts of Rafah, from which, it said, evacuees would be directed to tent cities in nearby Khan Younis and Al-Muwassi.

 

Seven months into its offensive against Hamas, Israel has said Rafah harbors thousands of the Palestinian Islamist group’s fighters and that victory is impossible without taking the city.

But with more than a million displaced Palestinians sheltering in Rafah, the prospect of a high-casualty operation worries Western powers and neighboring Egypt.

Three Israeli soldiers were earlier killed in a rocket attack claimed by Hamas’s armed wing near the southern Gaza Strip city of Rafah, where Palestinian health officials said at least 19 people were killed by Israeli fire on Sunday.

Hamas’s armed wing claimed responsibility on Sunday for an attack on the Kerem Shalom crossing into Gaza that Israel said killed three of its soldiers.

Israel’s military said 10 projectiles were launched from Rafah in southern Gaza towards the area of the crossing, which it said was now closed to aid trucks going into the coastal enclave. Other crossings remained open.

Hamas’ armed wing said it fired rockets at an Israeli army base by the crossing, but did not confirm where it fired them from. Hamas media quoted a source close to the group as saying the commercial crossing was not the target.

More than a million Palestinians are sheltering in Rafah, near the border with Egypt.

Shortly after the Hamas attack, an Israeli airstrike hit a house in Rafah killing three people and wounding several others, Palestinian medics said.

The Israeli military confirmed the counter-strike, saying it struck the launcher from which the Hamas projectiles were fired, as well as a nearby “military structure”.

“The launches carried out by Hamas adjacent to the Rafah Crossing ... are a clear example of the terrorist organisation’s systematic exploitation of humanitarian facilities and spaces, and their continued use of the Gazan civilian population as human shields,” it said.

Hamas denies it uses civilians as human shields.

Just before midnight, an Israeli air strike killed nine Palestinians, including a baby, in another house in Rafah, Gaza health officials said. They said the new strike increased the death toll on Sunday to at least 19 people.

Israel has vowed to enter the southern Gaza city and flush out Hamas forces there, but has faced mounting pressure to hold fire as the operation could derail fragile humanitarian efforts in Gaza and endanger many more lives.

Sunday’s attack on the crossing came as hopes dimmed for ceasefire talks under way in Cairo.

The war began after Hamas stunned Israel with a cross-border raid on Oct. 7 in which 1,200 people were killed and 252 hostages taken, according to Israeli tallies.

More than 34,600 Palestinians have been killed, 29 of them in the past 24 hours, and more than 77,000 have been wounded in Israel’s assault, according to Gaza’s health ministry.


Netanyahu uses Holocaust ceremony to brush off international pressure against Gaza offensive

Updated 06 May 2024

  • The ceremony ushered in Israel’s first Holocaust remembrance day since the Oct. 7 Hamas attack that sparked the war, imbuing the already somber day with additional meaning

JERUSALEM: Israeli Prime Minister Benjamin Netanyahu on Sunday rejected international pressure to halt the war in Gaza in a fiery speech marking the country’s annual Holocaust memorial day, declaring: “If Israel is forced to stand alone, Israel will stand alone.”
The message, delivered in a setting that typically avoids politics, was aimed at the growing chorus of world leaders who have criticized the heavy toll caused by Israel’s military offensive against Hamas militants and have urged the sides to agree to a ceasefire.
Netanyahu has said he is open to a deal that would pause nearly seven months of fighting and bring home hostages held by Hamas. But he also says he remains committed to an invasion of the southern Gaza city of Rafah, despite widespread international opposition because of the more than 1 million civilians huddled there.
“I say to the leaders of the world: No amount of pressure, no decision by any international forum will stop Israel from defending itself,” he said, speaking in English. “Never again is now.”
Yom Hashoah, the day Israel observes as a memorial for the 6 million Jews killed by Nazi Germany and its allies in the Holocaust, is one of the most solemn dates on the country’s calendar. Speeches at the ceremony generally avoid politics, though Netanyahu in recent years has used the occasion to lash out at Israel’s archenemy Iran.
The ceremony ushered in Israel’s first Holocaust remembrance day since the Oct. 7 Hamas attack that sparked the war, imbuing the already somber day with additional meaning.
Hamas militants killed some 1,200 people in the attack, making it the deadliest violence against Jews since the Holocaust.
Israel responded with an air and ground offensive in Gaza, where the death toll has soared to more than 34,500 people, according to local health officials, and about 80 percent of Gaza’s 2.3 million people are displaced. The death and destruction has prompted South Africa to file a genocide case against Israel in the UN’s world court. Israel strongly rejects the charges.
On Sunday, Netanyahu attacked those accusing Israel of carrying out a genocide against the Palestinians, claiming that Israel was doing everything possible to ensure the entry of humanitarian aid to the Gaza Strip.
The 24-hour memorial period began after sundown on Sunday with a ceremony at Yad Vashem, Israel’s national Holocaust memorial, in Jerusalem.
There are approximately 245,000 living Holocaust survivors around the world, according to the Claims Conference, an organization that negotiates for material compensation for Holocaust survivors. Approximately half of the survivors live in Israel.
On Sunday, Tel Aviv University and the Anti-Defamation League released an annual Antisemitism Worldwide Report for 2023, which found a sharp increase in antisemitic attacks globally.
It said the number of antisemitic incidents in the United States doubled, from 3,697 in 2022 to 7,523 in 2023.
While most of these incidents occurred after the war erupted in October, the number of antisemitic incidents, which include vandalism, harassment, assault, and bomb threats, from January to September was already significantly higher than the previous year.
The report found an average of three bomb threats per day at synagogues and Jewish institutions in the US, more than 10 times the number in 2022.
Other countries tracked similar rises in antisemitic incidents. In France, the number nearly quadrupled, from 436 in 2022 to 1,676 in 2023, while it more than doubled in the United Kingdom and Canada.
“In the aftermath of the October 7 war crimes committed by Hamas, the world has seen the worst wave of antisemitic incidents since the end of the Second World War,” the report stated.
Netanyahu also compared the recent wave of protests on American campuses to German universities in the 1930s, in the runup to the Holocaust. He condemned the “explosion of a volcano of antisemitism spitting out boiling lava of lies against us around the world.”
Nearly 2,500 students have been arrested in a wave of protests at US college campuses, while there have been smaller protests in other countries, including France. Protesters reject antisemitism accusations and say they are criticizing Israel. Campuses and the federal government are struggling to define exactly where political speech crosses into antisemitism.