A HACKING group that appears to be linked to Iran has been targeting israeli shipping in recent years, as the shadow war between Israel and Iran began to play out at sea after mainly being waged on land and in the air, a leading US cybersecurity firm said.
The hacking group focused on collecting intelligence from Israeli entities and has also targeted Israeli government, energy and health care organizations, said the Virginia-based cybersecurity firm Mandiant, reports The Times of Israeli.
The cybersecurity group warned that intelligence and data the hackers obtained could be leveraged for nefarious activities, such as becoming fodder for damaging leaks or guiding direct military action. It wasn't clear how successful the hackers had been in their attacks.
The hacking group has also targeted some global companies, indicating its activity may go beyond Israel, although there is no known target outside Israel so far.
Mandiant said it was moderately confident that the group is linked to Iran and has found some technical remnants pointing to an Iranian link, such as the use of Persian, including the word khoda, which means 'God.'
The group appeared to pursue activities that would support Iranian interests and operations, including shipping groups that handle sensitive components. The focused targeting of Israeli entities was similar to that of other Iranian attackers.
'The shipping industry and the global supply chain are particularly vulnerable to disruption, especially in places where a state of low-level conflict already exists,' John Hultquist, the vice president of threat intelligence at Mandiant, said in a statement.
'This is a reminder that global companies face global threats. Iran's cyberconflict with Israel threatens Israel and those who operate there,' he said.
The hacking group has been active since at least late 2020, and was still operating as of the middle of this year.
Mandiant dubbed the unnamed hacking group UNC3890, using the 'UNC' designation for 'uncategorised' groups.
SeaNews Turkey
The hacking group focused on collecting intelligence from Israeli entities and has also targeted Israeli government, energy and health care organizations, said the Virginia-based cybersecurity firm Mandiant, reports The Times of Israeli.
The cybersecurity group warned that intelligence and data the hackers obtained could be leveraged for nefarious activities, such as becoming fodder for damaging leaks or guiding direct military action. It wasn't clear how successful the hackers had been in their attacks.
The hacking group has also targeted some global companies, indicating its activity may go beyond Israel, although there is no known target outside Israel so far.
Mandiant said it was moderately confident that the group is linked to Iran and has found some technical remnants pointing to an Iranian link, such as the use of Persian, including the word khoda, which means 'God.'
The group appeared to pursue activities that would support Iranian interests and operations, including shipping groups that handle sensitive components. The focused targeting of Israeli entities was similar to that of other Iranian attackers.
'The shipping industry and the global supply chain are particularly vulnerable to disruption, especially in places where a state of low-level conflict already exists,' John Hultquist, the vice president of threat intelligence at Mandiant, said in a statement.
'This is a reminder that global companies face global threats. Iran's cyberconflict with Israel threatens Israel and those who operate there,' he said.
The hacking group has been active since at least late 2020, and was still operating as of the middle of this year.
Mandiant dubbed the unnamed hacking group UNC3890, using the 'UNC' designation for 'uncategorised' groups.
SeaNews Turkey