Cyber attacks by Iranian hackers are on the rise in Asian countries as well

Cyber Warfare Asia
May 12, 2022

Iran is known to have gradually exercised its sophisticated cyber abilities to control social and political activity and to harm regional and international adversaries. Iranian hackers are treacherous not because they have distinctively sophisticated approaches but because they are gradually evolving their attack techniques to match the changing cyber ecosystem.

Iranian hackers have rapidly escalated their cyber capabilities in recent years. The focus of several Iranian threat groups on the IT sector particularly spiked in the last six months — roughly 10–13% of our notifications were related to Iranian threat activity in the last six months, compared with 2.5% in the six months prior.

Iranian hackers are on the radar for targeting Middle Eastern rivals and Western countries. However, what is not being noticed is that Iranian hackers are now expanding their hacking web to Asian countries as well.

One of the key Asian actors in the region is India. As India and other nations rise as major IT services hubs, more nation-state actors like Iran, China and Pakistan follow the supply chain to target these providers’ public and private sector customers around the world, in line with nation-state interests.

India’s strategic cyber assets have been under attack by hackers from Pakistan and China for a long time. The country itself also holds a strong record of reversing and retaliating against Pakistani cyber attacks. In recent years, the Indian government has claimed that it has been attacked by Iranian hackers on various occasions.

Recently, India’s cyber security grid has been besieged by one of the powerful Middle Eastern states, Iran. Iranian hackers have been operating hacking campaigns to breach the deliberate online architecture of the country’s administrative department. Several government departments, including defense, banking, police, education and telecom, as well as private IT companies, have been under attack. The cyberattacks were noticed in Kerala, Bihar, Assam, West Bengal, Andhra Pradesh, Telangana and Maharashtra.

According to Indian sources, the Ministry of Home Affairs, the experts were targeted by a new wave of ransomware attacks by the hackers of Iran. The nature of the cyber attack is described as ‘lock and leak’ operations. In this state-sponsored cyber attack, the hackers lock down an online system entirely using ransomware and download the sensitive information from the system, also blackmailing the victims into paying a ransom to the hackers.

Over the past several years, the conflict between Iran and Israel has been consistent, as almost all the cyberattacks on Israel were associated with Iran. In October 2021, Black Shadow (an Iranian hacking group) targeted Cyberserve (an Israeli conglomerate), which led to several popular websites being taken down temporarily. In December, another hacking group, “Charming Kitten”, also targeted the Israeli government and business sectors.

In February 2022, another Gulf nation, Turkey, was targeted by MuddyWater (an Iranian advanced persistent threat actor). This hacking campaign was identified by Cisco Talos. The group exposed that a malicious hacking campaign had been launched, aimed at high-profile targets in Turkey.

According to ‘The Jerusalem Post’, in April 2022, pro-Iranian hackers targeted the sites of Israeli live-stream radio stations on Quds Day. A video that replaced the live streams showed the word “hacked” and a number of Israeli logos, and the sound of a siren was played, followed by a recording in Arabic with a video of the Temple Mount and a rocket being fired. The targeted sites include 100 FM, 102.5 FM, 91 FM, Radio Sol, and Hidabroot. The hackers behind the cyberattacks are suspected to be the “Hackers of savior” group.

The “Hackers of savior” hacking group also threatened the Israeli province with the release of the identification information of millions of Israeli citizens, including back data and data from Ashdod and Haifa ports.

In 2020, the same hacking group also operated a hacking campaign against ‘The Jerusalem Post’ and hundreds of other Israeli websites. In this cyber attack, the hacking group replaced the pages of websites with an anti-Israel video and messages in the Hebrew language.

Iran itself is a superpower nation, as this state is capable of launching offensive cyber attacks. There are still many other Gulf nations that take help from other regions in the domain of cyber warfare.

For instance, Qatar was helped by Turkey, US-based Global Risk Advisors (GRA), Candiru, and Italy’s Hacking Team, while the UAE is supported by Israeli firm NSO Group, Bulgaria’s Circles, and Baltimore’s Cyber Point, and Saudi Arabia was supported by Germany’s Gamma International and Israeli NSO Group. Bahrain too was supported by Italy’s Hacking Team, and Egypt by Chinese interception company Privis Technology, for cyber assistance.

In conclusion, we can speculate that, apart from Middle Eastern nations, Iran is on the verge of expanding its state-sponsored cyber-attacks across Asian countries, as its recent target has become the Indian region.
