Iran Hacks into U.S. Aerospace and Satellite Technology Resources

By Kayla Deruiter on October 8, 2020

Executive Summary:

On September 17, 2020, the U.S. Department of Justice announced the indictment of three Iranian nationals for a multi-year campaign of computer intrusions and identity theft against aerospace and satellite technology companies, conducted on behalf of the Iranian government. According to the indictment, at least one of the three, Said Pourkarim Arabi, was a member of Iran's Islamic Revolutionary Guard Corps (IRGC). The campaign ran from July 2015 through February 2019 and targeted organizations in the United States and other countries in order to obtain proprietary information. The actors used social engineering to collect information about targeted individuals, took over their online accounts, and then used those accounts to send malware-laden links and messages to the victims' friends and coworkers, which in turn gave the attackers access to the recipients' computer systems. The indictment was one of three Iran-related cyber cases the FBI announced that week; a separate case charged two other men with defacing websites in retaliation for the January 2020 killing of Qassem Soleimani, commander of the IRGC's Quds Force.

Open Source Intelligence (OSINT) Details:

The men charged are Said Pourkarim Arabi, Mohammad Reza Espargham, and Mohammad Bayati. Each is charged with conspiracy to commit computer intrusion, obtaining information by unauthorized access to protected computers, aggravated identity theft, and related offenses, and each faces a maximum penalty of 20 years in prison. At one point during the campaign the defendants maintained a target list of more than 1,800 online accounts belonging to individuals and organizations that held information about aerospace or satellite technologies. The targets included organizations in Australia, Singapore, the United States, and the United Kingdom. "We will relentlessly pursue and expose those who seek to harm American companies and individuals wherever they reside in the world," said G. Zachary Terwilliger, U.S. Attorney for the Eastern District of Virginia, announcing the charges, which center on the IRGC-directed use of malware, identity theft, and theft of commercial data from U.S. victims.

The attackers first conducted social engineering against the individuals on the target list to gather personal details, then impersonated those individuals online, sending messages containing malware to people the victims knew. In a related announcement the same week, the FBI published details of eight sets of malware used by Iranian actors to compromise victim computers, typically delivered through links, and CISA separately warned that an Iran-based actor was exploiting publicly known vulnerabilities in VPN appliances to gain initial access to networks. Rana Intelligence Computing Company, a front company for Iran's Ministry of Intelligence and Security rather than a legitimate technology firm, supported the ministry's intelligence operations by conducting computer intrusions and malware attacks against at least 15 U.S. companies and against organizations in more than 30 other countries. In response, the U.S. Department of the Treasury imposed sanctions on Rana and on 45 individuals associated with it; the activity attributed to Rana matches the threat group that the security industry tracks as Advanced Persistent Threat 39 (APT39). Beyond foreign targets, reporting indicates the group also monitored Iranian citizens, including former government employees, journalists, and members of other organizations. The FBI's response is a new cyber strategy intended to impose greater risk and consequences on adversaries and to make malicious cyber activity harder to carry out, including closer work with other domestic and foreign agencies to mitigate these threats.
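The technique described above, a hijacked account sending an unfamiliar link to many of its contacts in a short burst, leaves a pattern in outbound mail logs that a defender can look for. The following is an added example written for this page; it is not code from the FBI, CISA, or the indictment, and it does not detect the specific malware in those reports. It assumes a constructed log format of pipe-separated `timestamp|sender|recipient|body` lines, a per-sender baseline of link domains seen before a cutoff date, and arbitrary thresholds (a 30-minute window and four distinct recipients) that a real deployment would tune. All sample records below are constructed, not real traffic.

```python
"""
Flag accounts that look hijacked for link-based spear phishing: a sender that,
inside a short window, sends link-bearing messages to an unusual number of
distinct recipients, where the links point at domains that sender has never
linked to before. Added example for this page; log format, thresholds and
sample data are assumptions, not derived from the cited reports.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample records (hypothetical, not real traffic):
# ISO timestamp | sender | recipient | body
SAMPLE_LOG = [
    # Baseline traffic: alice and bob routinely link to the team wiki.
    "2020-08-20T09:00:00|alice@example.com|bob@example.com|Notes at https://wiki.example.com/p/1",
    "2020-08-25T14:10:00|alice@example.com|carol@example.com|See https://wiki.example.com/p/2",
    "2020-08-26T11:00:00|bob@example.com|alice@example.com|Slides https://wiki.example.com/p/3",
    # After the cutoff: alice's account pushes the same unfamiliar link to five contacts in ten minutes.
    "2020-09-03T08:01:00|alice@example.com|bob@example.com|Please review https://files.share-docs.test/contract.pdf",
    "2020-09-03T08:02:00|alice@example.com|carol@example.com|Please review https://files.share-docs.test/contract.pdf",
    "2020-09-03T08:04:00|alice@example.com|dave@example.com|Please review https://files.share-docs.test/contract.pdf",
    "2020-09-03T08:07:00|alice@example.com|erin@partner.example|Please review https://files.share-docs.test/contract.pdf",
    "2020-09-03T08:10:00|alice@example.com|frank@example.com|Please review https://files.share-docs.test/contract.pdf",
    # bob sends one new-domain link and one familiar link: below threshold, not flagged.
    "2020-09-03T09:00:00|bob@example.com|carol@example.com|Look at https://vendor.example.org/whitepaper",
    "2020-09-03T09:30:00|bob@example.com|dave@example.com|Slides https://wiki.example.com/p/3",
    # carol's new-domain links are an hour apart, so no 30-minute window reaches the threshold.
    "2020-09-03T10:00:00|carol@example.com|alice@example.com|https://gallery.example.net/a",
    "2020-09-03T11:00:00|carol@example.com|bob@example.com|https://gallery.example.net/b",
    "2020-09-03T12:00:00|carol@example.com|dave@example.com|https://gallery.example.net/c",
    "2020-09-03T13:00:00|carol@example.com|frank@example.com|https://gallery.example.net/d",
]
CUTOFF = datetime(2020, 9, 1)  # everything before this builds the baseline


def link_domains(body):
    """Return the set of lower-cased hostnames linked in a message body."""
    domains = set()
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname
        if host:
            domains.add(host.lower())
    return domains


def parse_log(lines):
    """Parse 'timestamp|sender|recipient|body' lines into record dicts."""
    records = []
    for line in lines:
        ts, sender, rcpt, body = line.split("|", 3)
        records.append({"ts": datetime.fromisoformat(ts), "from": sender.lower(),
                        "to": rcpt.lower(), "body": body})
    return records


def known_link_domains(records, cutoff):
    """Per-sender baseline: domains each sender linked to before the cutoff."""
    known = defaultdict(set)
    for r in records:
        if r["ts"] < cutoff:
            known[r["from"]] |= link_domains(r["body"])
    return known


def find_hijacked_senders(records, cutoff, window=timedelta(minutes=30), min_recipients=4):
    """Return {sender: {"recipients": set, "domains": set}} for senders that
    mailed never-before-seen link domains to >= min_recipients distinct
    recipients within any sliding window of the given length."""
    known = known_link_domains(records, cutoff)
    per_sender = defaultdict(list)  # sender -> [(ts, recipient, new_domains)]
    for r in sorted(records, key=lambda r: r["ts"]):
        if r["ts"] < cutoff:
            continue
        new = link_domains(r["body"]) - known[r["from"]]
        if new:
            per_sender[r["from"]].append((r["ts"], r["to"], new))

    alerts = {}
    for sender, events in per_sender.items():
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until the window fits.
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            rcpts = {e[1] for e in in_window}
            if len(rcpts) >= min_recipients:
                hit = alerts.setdefault(sender, {"recipients": set(), "domains": set()})
                hit["recipients"] |= rcpts
                hit["domains"] |= set().union(*(e[2] for e in in_window))
    return alerts


def run_sample():
    """Run the detector over the constructed sample log."""
    return find_hijacked_senders(parse_log(SAMPLE_LOG), CUTOFF)


if __name__ == "__main__":
    for sender, info in run_sample().items():
        print(f"{sender}: {len(info['recipients'])} recipients in burst, "
              f"new link domains {sorted(info['domains'])}")
```

In the sample only alice's account trips the rule; bob stays under the recipient threshold and carol's messages are too spread out. A baseline of "domains this sender has linked to before" is deliberately simple: it catches the account-takeover pattern the indictment describes without needing a reputation feed, at the cost of false positives whenever a legitimate user first adopts a new file-sharing service.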

Potential Impacts:

Iran has been developing space technology to improve its telecommunications and imaging capabilities. Aerospace research and satellite development data stolen from other countries could be used to advance those programs without the cost and delay of original research. Detailed knowledge of foreign systems could also be turned against their owners by revealing weaknesses to exploit. If the stolen information is used for malicious ends, the affected governments and companies may have to alter or abandon compromised blueprints and development plans for aerospace-related research.

Significance:

Tension between Iran and the United States is long-standing, and espionage of this kind is neither new nor likely to stop. The FBI has said it will continue its efforts to secure data and reduce cyber-attacks within the country. Organizations can lower their exposure by keeping systems patched and security controls current, training employees to recognize social engineering and the signs of an insider threat, and performing routine audits. No set of security measures removes the risk entirely; adversaries will keep working to obtain confidential information for their own benefit.

Sources:

Iran at Center of Cyber Crime Charges in Three Cases. (2020, September 18). Retrieved September 20, 2020, from https://www.fbi.gov/news/stories/iran-at-center-of-cyber-crime-charges-in-three-cases-091820

Iran-Based Threat Actor Exploits VPN Vulnerabilities. (2020, September 15). Retrieved September 20, 2020, from https://us-cert.cisa.gov/ncas/current-activity/2020/09/15/iran-based-threat-actor-exploits-vpn-vulnerabilities

Iranian Hackers Indicted for Stealing Data from Aerospace and Satellite Tracking Companies. (2020, September 17). Retrieved September 20, 2020, from https://www.justice.gov/usao-edva/pr/iranian-hackers-indicted-stealing-data-aerospace-and-satellite-tracking-companies

Rana Intelligence Computing Company. (2020, September 18). Retrieved September 20, 2020, from https://www.ifmat.org/09/18/rana-intelligence-computing-company/