Chafer: Hacking group expands espionage operation with new attacks

A hacking group has expanded its operations, taking advantage of new tools to attack organisations across the Middle East for the purposes of surveillance and intelligence gathering. Targets mostly work in telecoms and transport and their surrounding supply chains, with IT software, payroll, aircraft services and engineering firms all targeted during the last year. The operations of Chafer, an Iran-based targeted attack group, have been detailed by researchers at security company Symantec, who note that since first being exposed in 2015, the group has expanded its surveillance and cyber attack operations.

Several new tools have been added to the Chafer arsenal, including the EternalBlue exploit – the leaked NSA exploit which powered last year’s WannaCry and NotPetya outbreaks – allowing the attackers to more easily traverse target networks. In total, Chafer has deployed seven new tools, which it has used to attack nine new targets in the Middle Eastern region, including organisations in Israel, Jordan, the United Arab Emirates, Saudi Arabia, and Turkey. Researchers also found evidence that Chafer has carried out attacks against an African airline and attempted to compromise an ‘international travel reservations firm’ – although attacks on the latter weren’t successful.

Read more about Symantec’s analysis of the Chafer hacking group on ZDNet.
