Security News > 2020 > January > Hackers Target European Energy Firm: Researchers

Hackers who may have ties to Iran have recently turned their attention to the European energy sector, using open source tools to target one firm's network as part of an cyberespionage operation, according to the security firm Recorded Future.

The precise goal of the campaign that the Recorded Future analysts describe in a report released Thursday is not clear, although other studies have found that several Iranian-backed advanced persistent threat groups have targeted U.S. and European businesses connected to the energy sector over the last several years - before the tensions between the U.S. and Iran recently heated up.

In the incident described by Recorded Future, hackers targeted a company described as "a key organization in the European energy sector." The researchers believe the attack started several months before the Jan. 2 death of Major General Qasem Soleimani, leader of the foreign wing of Iran's Islamic Revolutionary Guard Corps, in a U.S. drone strike in Iraq.

The use of the Pupy remote access Trojan and other open source tools has led Recorded Future analysts to suspect that the group behind the hacking is an organization the security firm refers to as APT33, although other researchers call the group Elfin, Refined Kitten, Magnallium and Holmium.

In this latest case, it appears that the intrusion targeting the European energy firm started in November 2019 and continued through at least Jan. 5, according to the Recorded Future report.

News URL

https://www.inforisktoday.com/hackers-target-european-energy-firm-researchers-a-13645