How Iranian Hackers Tricked their Prey


For years, Iran has been a leader in state-sponsored hacking, attacking governments and businesses across the world. While the government has proven their advanced abilities, other groups in the area have been able to operate without detection. Until now, the world was unaware of the power these cyber-terrorists developed. This summer, security experts from TrapX, who were working for a military contractor, spent 18 days battling a team of advanced hackers trying to break into their network.

The hackers were believed to be Iranian but were using a tool-set created by a known Russian hacker that is typically circulated through Russian dark-net forums. Additionally, the web domains and email addresses used during the attack have Russian origins and continue to be used by a known Russian hacker. This type of attack is similar to one in 2015, in which the hackers were able to shut down portions of Ukraine’s power grid. There were also similarities to hundreds of other attacks that the Iranians attempted and executed.

During these attacks, the hackers mimic internal IP addresses to try to enter a system undetected. Much of this code was identical to code used in 2015. Although they did not use the most advanced hacking methods, the team dedicated a lot of time to the planning and execution of their attack. Once the firm’s experts detected the intrusion, the criminals would lie in wait for their next opportunity.

The team defending the network was confident they could continue to protect against the code they had studied. However, during the last attempt to enter the system, the attackers used a groundbreaking new tool that was built to be encrypted and to evade typical methods of analysis. Understanding this new tool took the team of experts weeks. For the military contractor to win the battle, its cyber-security experts set up a bait network seeded with fake information to lure the attackers in. Then, once the hackers were inside the bait network, the experts could study their behavior and build a defense against it within the real networks.

Although the TrapX team had a successful defense method, this type of attack leads governmental and business organizations around the world to question their current defenses. It is critical that all hardware and software is updated frequently to thwart hackers, but there is no sure-fire way to protect an infrastructure. If you are interested in building a proactive response for your business, including a backup and disaster recovery plan, contact us today to get started!