On September 18, the security company Symantec said that a hacking group it calls Tortoiseshell has attacked at least 11 organizations since July 2018, most of them in Saudi Arabia. The group mainly targets Saudi IT providers and, once inside, collects information about the compromised machine, including its IP address, operating system version, computer name, and network connections. Researchers say they do not have enough information to attribute the activity to a known group or government. However, CrowdStrike's vice president of intelligence said that the hackers described by Symantec appear to be working in support of Iran's Islamic Revolutionary Guard Corps.
A Symantec security investigator says, "Compromising a web server, with a likely old exploit, can be a simpler approach than using e-mail. The alternative of using a phishing e-mail to compromise the victim generally required the attacker to have at least some knowledge of the e-mail recipient in order to customize the e-mail to that individual." He adds, "Saudi Arabian organizations have been the target of several hacking groups for several years now. There are no signs that this targeting of Saudi Arabian organizations will decrease."
Cyber security experts warn that as tension in the Gulf region escalates, the risk of malicious network activity increases. Over the past 10 years, both Saudi Arabia and Iran have been the targets of large-scale hacking operations. Stuxnet, malware widely reported to have been developed by the United States and Israel and publicly discovered in 2010, infiltrated a uranium enrichment facility in Iran and destroyed about 1,000 centrifuges. In 2012, tens of thousands of computers at the Saudi Arabian oil giant Saudi Aramco were wiped or rendered unusable; analysts attribute that malware to Iranian hackers. More recently, in 2017, the Trisis (also known as Triton) malware, which targets industrial safety systems, caused the shutdown of a petrochemical plant in Saudi Arabia.
Published by Emerson L. Sullivan & last updated on September 20, 2019 2:21 am