An Iranian hacker group targeting the Middle East has been discovered by Symantec

An IT hacker, working with an American cyber security company, has reported the discovery of a "highly active" Iranian cyber espionage group whose broad list of targets consists mainly of large organizations and companies in the Middle East.

Cyber security company Symantec, creator of Norton antivirus software, which discovered the existence of the cyber espionage group, dubbed it “Leafminer”. According to the security company, the group has been active since the beginning of 2017, but only in 2018 did it "significantly intensify its activities" and is currently involved in dozens of ongoing attacks.

In a report released Wednesday, Symantec said its security experts managed to get what appears to be Leafminer's main target list. The list is written in the Farsi language and contains just over 800 organizations, which Symantec researchers say is "an ambitious target" for any cyber espionage group. The organizations listed on the target sheet come from a variety of sectors, including government, transportation, finance, energy, and telecommunications. But most of the group's targets appear to be in the petrochemical and government sectors. Additionally, virtually all of Leafminer's targets are located in the Middle East and North Africa, in countries such as Israel, Egypt, Bahrain, Qatar, Kuwait and the United Arab Emirates. Some of the group's targets lie in Afghanistan and Azerbaijan.

Symantec said its researchers observed that Leafminer hackers carry out real-time attacks on at least 40 targets in the Middle East, including the website of an intelligence agency in Lebanon. According to the cybersecurity company, Leafminer uses a variety of hacking tools, including custom designed malware and some publicly available software. The group's operational sophistication is also diverse and ranges from complex multi-layered attacks to brute-force login attempts.

Symantec said it concluded that the cyber espionage group is from Iran because its main target list is written in Farsi and because Iran is virtually the only country in the Middle East that is missing from the target list. However, it said it did not have enough evidence to link Leafminer to the Iranian government. In a separate development, Germany's domestic intelligence agency, the Federal Office for the Protection of the Constitution (BfV), said this week in its annual report that the Iranian government has significantly expanded its cyberwarfare capabilities and "represents a danger to German companies and research institutes".
