By stealing sensitive information from states, Iran’s cyber-espionage poses a threat to countries in the Middle East region, including Israel, according to a recent report by cybersecurity company Cybereason.
Cybereason, a cybersecurity technology company headquartered in Boston, Massachusetts, published a report on Wednesday detailing the operations of an Iran-based group targeting the US, Russia, Europe, Israel, and the Middle East.
The group, nicknamed “MalKamak,” targets companies including those in the telecom and aerospace sectors, according to Cybereason and media reports.
According to Cybereason, their research “resulted in the identification of a new Iranian threat actor dubbed MalKamak that has operated since at least 2018 and remained publicly unknown thus far.”
“The investigation draws possible connections to other Iranian state-sponsored threat actors including Chafer APT (APT39) and Agrius APT [Advanced persistent threat],” the report added.
Cybereason reported that Chafer APT has been active since at least 2014 and is believed to be linked to the Rana Intelligence Computing Company, a Tehran-based company previously known to serve as a front company for the Iranian Ministry of Intelligence and Security.
Chafer APT is reportedly known to attack targets in the Middle East, US, and Europe.
Another Iranian threat actor, Agrius APT, has been known to attack mainly Israeli organizations and companies, “carrying out destructive operations under the guise of ransomware attacks,” Cybereason said.
“While some possible connections to known Iranian threat actors were observed, our conclusion is that MalKamak is a new and distinct activity group, with unique characteristics that distinguish it from the other known Iranian threat actors,” the cybersecurity company added.