Election hacking
seemingly dominates United States cybersecurity discussions, with the focus
being, “did Russia hack our election?” I don’t necessarily care about that.
What I do care about are the cybersecurity threats from enemies of the
state.
A few days ago, security
company FireEye released a report
detailing the origins of what they deemed “APT 33.” APT is an acronym for ‘advanced
persistent threats,’ which is a general term to describe identified threats
that could be problematic in the future. Based on their analysis, FireEye
believes APT 33 operates on behalf of the Iranian government.
Since 2013, analysts at
FireEye have tracked APT 33 as it conducted various cyber espionage operations
in the United States, Saudi Arabia, and South Korea. From mid-2016 to early 2017,
APT 33 targeted a U.S. organization in the aerospace sector and a business conglomerate
located in Saudi Arabia with aviation holdings. More recently, in May 2017,
APT 33 targeted a Saudi Arabian and South Korean business conglomerate, based
in oil and petrochemicals, by using malware disguised as a job vacancy
announcement with the Saudi company.
Iran’s targets are a bit
unsettling. First, Iran and Saudi Arabia are not friendly. In fact, Iran’s
quasi-friendly relationship with Qatar is one of the reasons why Saudi
Arabia presented the tiny Gulf nation with a list of demands after cutting
diplomatic ties. FireEye speculates that Iran was likely searching for ways to
enhance its own military aviation capabilities against its regional
adversaries. The U.S. may have been a target simply because it supplies Saudi
Arabia with a large amount of arms, $110
billion worth.
Second, Iran has often expressed
interest in growing its petrochemical industry, and has even engaged in
partnerships with nations like South Korea. So why would the Iranians be
targeting a new partner? It is unclear. However, analysts at FireEye believe Iran
may have targeted the Saudi and South Korean chemical company as a way to
improve its own competitiveness.
APT 33 targets. Source: https://www.fireeye.com/blog/threat-research/2017/09/apt33-insights-into-iranian-cyber-espionage.html
This discussion also
highlights the importance of enhanced partnerships between the government and
the private sector. I’m assuming the analysts at FireEye were the first to put
out a detailed report on APT 33, which proves that sometimes private technology
firms can allocate human capital and utilize advanced technology more
efficiently than the government.
Labeling APT 33 as an
advanced persistent threat is wise. Based on the Iranians’ growing cyber
capability, they could soon begin procuring or finessing cyber weapons. As our
dependence on technology deepens, so does our attack surface, meaning new ways
to attack the U.S. via cyberspace are growing. Regardless of the subject –
aerospace firms, Equifax, or the power grid – a foreign cyber-attack or act of
espionage on the U.S. is and should always be a national security issue.