Microsoft Report: Iran-linked DEV-0343 targeting US and Israeli defense firms

Cyber Warfare Asia
Oct 22, 2021

Given Iran's history of conflict with Western nations, it came as no surprise that the Iran-linked DEV-0343 was found to be targeting US and Israeli defense firms.

Over the last two years, security researchers have highlighted dozens of malicious cyber attacks attributed to Iranian hacking groups. It would not be wrong to suggest that, unlike other nations in the Middle East that have been found to be associated with foreign players for cyber operations, Iran is self-sufficient in launching both offensive and defensive cyber operations.

For example, Egypt is known to be associated with Hacking Team and the Chinese Privis Technology; Saudi Arabia and the UAE work closely with the controversial NSO Group; and their geopolitical counterpart Qatar is known to be associated with NSO Group, Gamma International, Global Risk Advisors (GRA), Hacking Team and, to a large extent, even Turkey.

Recently, the Microsoft Threat Intelligence Center (MSTIC) discovered a new cluster belonging to the Iranian hacking group DEV-0343, which targeted dozens of defense technology and maritime transportation firms in a spying campaign and breached a small number of them.

Microsoft also observed that DEV-0343 has been targeting a defense company that supports United States, European Union, and Israeli government partners producing military-grade radars, drone technology, satellite systems, and emergency response communication systems.

According to Microsoft, fewer than 20 of the targeted offices and 365 tenants were compromised in this campaign. No other details were provided on the identity or geographic location of the compromised organizations.

Iran has been consistently upgrading its asymmetric warfare strategies, and developing its cyber warfare capabilities, to accomplish its political and military goals.

For instance, a few months ago, news emerged of secret documents that laid out plans for cyber attacks that could sink a cargo ship or blow up a fuel pump at a gas station.

These documents were secretly written by an offensive unit of the Islamic Revolutionary Guard Corps’ (IRGC) cyber command, Shahid Kaveh. This clearly shows Iran’s interest in launching cyber attacks against Western countries, including Israel, the United States, Britain and France.

In July 2021, the Cybereason Nocturnus and Incident Response Teams responded to the Iranian-linked Operation GhostShell, a highly targeted cyber espionage campaign against the aerospace and telecommunications industries, mainly in the Middle East, with additional victims in the U.S., Russia and Europe.

Operation GhostShell aims to steal sensitive information about critical assets, organizations’ infrastructure and technology. During the investigation, the Nocturnus Team uncovered a previously undocumented and stealthy RAT (Remote Access Trojan) dubbed ShellClient, which was employed as a tool for cyber espionage.

This raises both concern and awe, as Iran is emerging as a superpower in the field of cyber warfare while other Middle Eastern countries are still dependent on foreign actors.

Cyber Warfare Asia

Providing news related to state sponsored cyber warfare in Asia