Malware University

Class is in Session

Tag: Iran

Microsoft Claims Russia/Iran/North Korea Most Aggressive

Posted on July 18, 2019 by admin

“About 84% of these attacks targeted our enterprise customers, and about 16% targeted consumer personal email accounts,” says Microsoft Corporate Vice President for Customer Security & Trust, Tom Burt. Hacking groups from Iran, North Korea, and Russia were behind the vast majority of nation-state attacks against Microsoft customers over the past year, with the most notable activity coming from threat actors such as “Holmium” and “Mercury” operating from Iran, “Thallium” operating from North Korea, and two actors operating from Russia called “Yttrium” and “Strontium.”

Redmond has incorporated the data collected by the Microsoft Threat Intelligence Center while analyzing these attacks into its own security products, which help the company protect its customers from future advanced persistent threat (APT) group operations targeting its user base. Microsoft also issued 781 notifications to organizations that are part of its free AccountGuard service after unearthing a number of attacks coordinated by APT groups and targeting entities fundamental to democracy, such as political parties and campaigns, as well as democracy-focused think tanks and nongovernmental organizations (NGOs) from 26 countries across four continents.

While monitoring nation-state-backed cyber-espionage campaigns, Microsoft detected attacks targeting the 2016 U.S. presidential election and the last French presidential election, with U.S. senatorial candidates also being under siege in 2018 after being attacked by the Russian-backed Strontium hacking group (aka Fancy Bear or APT28). A number of other cyber-espionage campaigns targeting European democratic institutions were also detected by Redmond’s Threat Intelligence Center (MSTIC) and Digital Crimes Unit (DCU) between September and December 2018, with employees of the German Council on Foreign Relations, the Aspen Institutes in Europe and the German Marshall Fund being among the targeted individuals in these attacks.

“As we head into the 2020 elections, given both the broad reliance on cyberattacks by nation-states and the use of cyberattacks to specifically target democratic processes, we anticipate that we will see attacks targeting U.S. election systems, political campaigns or NGOs that work closely with campaigns,” added Burt.

Posted in Current Events. Tagged APT28, hacking, Holmium, Iran, Mercury, Microsoft, North Korea, Russia, Strontium, Thallium, Yttrium

US Approves Cyberstrikes Against Iranian Missile Systems

Posted on June 23, 2019 - June 27, 2019 by admin

Original story published at Washington Post

Insiders in the US government recently discussed Trump’s approval of electronic operations against the Iranian Revolutionary Guard. The new policy of “defending forward” implements policies directed by Trump to bring battles to adversaries’ virtual infrastructure.

Thomas Bossert, former White House cybersecurity official, explained the actions as defending US interests in keeping the Strait of Hormuz open for trade among allied nations. He asserts this is what the US Navy must do to “defend” itself at sea in the Gulf area.

Will opposing nations’ cyber activity release the pressure valve which historically led to physical conflict? So far, recent history has suggested cyber operations may allow nations to quench the thirst for bloodshed through a different medium, invisible to the eye and to the population’s day-to-day activities in all but the most aggressive cyber operations.

Expect cyber warfare activity to increase in the near future between the US and Iran. Israel also has a major stake in this conflict and is likely to engage in its own operations, if not work directly with US intelligence, to counter the threats it sees in the Iranian state.

This conflict may temporarily decrease attacks from Iran against neighboring Gulf states as the Iranian apparatus focuses its energy on the most direct threat. The past few months have seen massive doxxing/leaks of purported APT34/OilRig activity targeting government and business entities across the broader Middle East, proving Iranians have upped their game significantly since the Shamoon v1 days of 2012.

Posted in Current Events. Tagged APT34, current events, cyber warfare, Iran, news, OilRig, Trump