The Ajax Security Team has been targeting both US defense companies and Iranians who use popular anti-censorship tools to bypass the country's internet censorship controls.
This group, which has its roots in popular Iranian hacker forums such as Ashiyane and Shabgard, has engaged in website defacements since 2010. By 2014, however, the group had transitioned to malware-based espionage, using a methodology consistent with other advanced persistent threats in the region.
It is unclear whether the Ajax Security Team operates in isolation or is part of a larger coordinated effort. We observed this group using varied social engineering tactics to lure targets into infecting themselves with malware. The malware tools it uses do not appear to be publicly available. Although we did not see the use of exploits to infect victims, members of the Ajax Security Team previously used exploit code in website defacement operations.
The objectives of this group are consistent with Iran's efforts to control political dissent and expand its offensive cyber capabilities, but we believe that members of the group may also be involved in traditional cybercrime. This indicates that there is a considerable gray area between the cyber espionage capabilities of Iranian hacker groups and any direct Iranian government or military involvement.
Although the Ajax Security Team's capabilities remain unclear, we believe that its current operations are somewhat successful. We assess that if these actors continue the current pace of their operations, they will improve their capabilities in the mid-term.