Why Are Iran’s Dirtiest Hackers Targeting Saudi Oil Fields?

Iranian cyber criminals dominate the FBI's Cyber's Most Wanted List.

A computer hacker. Adam Berry/Getty Images

Iranians have increased their hacking abilities. They are successfully spying on and disrupting computers all around the world. Iranian criminals dominate the FBI’s Cyber’s Most Wanted List. Of the 31 names on the list, 12 are Iranian. Iran has found another way to wreak havoc upon the world.

Sign Up For Our Daily Newsletter

By clicking submit, you agree to our <a href="http://observermedia.com/terms">terms of service</a> and acknowledge we may use your information to send you emails, product samples, and promotions on this website and other properties. You can opt out anytime.

See all of our newsletters

Chafer, one of Iran’s most sophisticated hacker groups, has been active since 2013 or 2014 and has attacked Israel, Saudi Arabia, Turkey, United Arab Emirates and Jordan by disrupting their telecommunication systems and networks, among other nefarious deeds.

Chafer does not only interfere with the virtual world, it gets down and dirty with the real world—an example is its attack on Saudi Arabia. That attack was not created to merely disrupt and shut down computers. According to The New York Times, Chafer’s intent was to cause a Saudi oil field to explode. Had the hacking group been successful, an explosion of that magnitude would have elevated cyber terror to an entirely new level. It could have brought the region to war.

Chafer has also been linked to attacks against airlines and travel companies in Africa and the Middle East. Symantec, the cyber research and security company best known for creating the ubiquitous product Norton Anti-Virus, describes this Iranian hacking group as aggressive, with a penchant for setting their sights on ambitious targets.

According to a Symantec report, “The group staged a number of ambitious new attacks last year, including the compromise of a major telecoms services provider in the region.” The report continues, “There is also evidence that it attempted to attack a major international travel reservations firm.”

Symantec reported that Chafer uses seven new methods of cyber attack all available on the open web. They can spy on and even alter their targets’ computer systems. They can take control whenever they want. The Symantec report raised another series of red flags: “Chafer’s recent activities indicate that the group remains highly active, is continuing to hone its tools and tactics, and has become more audacious in its choice of targets. Although a regional actor, the group has followed two trends seen globally among targeted attack groups.”

Another Iranian hacker group, named Advanced Persistent Threat APT-33, is also very active and warrants monitoring. APT-33, APT-34 and APT-35 have been attacking the United States, South Korea and Saudi Arabia.

APT-33 et al is not the name the hackers chose for their group. It’s the name the good guys—white hat hackers, techies, IT people and defense nerds—chose for them. These white hats are the people in the private sector and in the government charged with defending corporations and governments.  They are the first and last line of defense that protects democracy against evil hackers from places like Iran.

White hat hackers and other people on the good side of cyber spying often share information. It is an effective method of creating a better defense overall. Hackers, like artists, have a characteristic style and often leave their signature. The white hats gave APT-33 their name precisely because they pose an advanced and persistent threat to the freedom-loving world.

Before APT-33 et al and Chafer, there was a well known Iran-based hacking group known as Crambus. Chafer bares many similar traits to Crambus. This could mean that Chafer’s and Crambus’ hackers are one and the same, that Chafer is the new version of Crambus, or, more likely, that Crambus’ hackers joined Chafer’s team. The main evidence of a connection between the two groups is that, at one time, both Chafer and Crambus used the same IP address.

In January of this year, the Carnegie Foundation for International Peace published a report that alerted the world to Iranians’ hacking skills. Their researchers followed Iranian hackers for a decade and uncovered many of their methods, styles and objectives. The Carnegie Foundation discovered Iranians were developing Malware and testing it on themselves. The report includes transcripts of Iranian hackers, offering proof of their frustrations and even their methods for resolving problems.

These Iranians want access. They want to control the systems they hack. They want the information in those systems. They want to bring their victims to their knees.

Ten years ago, Iran was not even a player in the world of cyber hacking. Today they are contenders. Their sights are set not simply on the targets of yesteryear like the West, the United States and Israel. Today, some Iranians are focusing their cyber attacks on fellow Muslims.

Iran is bringing the traditional Shiite-Sunni conflict into cyber space. Any country that challenges Iran will be targeted—including Saudi Arabia, the country’s main religious rival and now on top of its cyber hit list.

Why Are Iran’s Dirtiest Hackers Targeting Saudi Oil Fields?