Iran-linked hackers target US transportation, manufacturing firms
Hackers linked to the Iranian government have escalated attacks against certain U.S. critical infrastructure since the beginning of the Israel-Iran conflict, according to new research.
The Iran-linked threat groups, tracked as MuddyWater, APT33, OilRig, CyberAv3ngers, FoxKitten and Homeland Justice, tried to breach at least 10 U.S. companies, mostly in the transportation and manufacturing sectors, researchers at Nozomi Networks said on Wednesday.
MuddyWater targeted five firms, APT33 targeted three and the others targeted two, according to the research.
Hacker groups linked to Tehran launched 28 attacks in May and June, a significant increase from the 12 attacks that Nozomi observed in March and April. U.S. firms “appear to be the primary target,” Nozomi said of its observations to date.
MuddyWater has targeted organizations in the U.S., the U.K., Italy, Turkey, Saudi Arabia, Pakistan, India and other countries, according to Nozomi’s data. APT33’s attacks have been more narrowly tailored, focusing on the U.S., Israel, Saudi Arabia, the Netherlands and Switzerland. CyberAv3ngers, an alias of Iran’s Islamic Revolutionary Guard Corps, has only targeted U.S., Israeli and Ukrainian organizations, according to Nozomi.
Nozomi’s report came shortly after the Cybersecurity and Infrastructure Security Agency warned that Iran could use cyberspace to retaliate against the U.S. for stepping into the Israel-Iran conflict.
“Iranian-affiliated cyber actors and aligned hacktivist groups often exploit targets of opportunity based on the use of unpatched or outdated software with known [vulnerabilities] or the use of default or common passwords on internet-connected accounts and devices,” CISA said in the June 30 alert.
Pro-Iranian and pro-Palestinian hackers have already claimed responsibility for distributed denial-of-service attacks on U.S. banks, defense firms and oil companies, among others.
MuddyWater, which is believed to be tied to Iran’s Ministry of Intelligence and Security, has spent years trying to hack telecommunications, defense and energy firms, while CyberAv3ngers is best known for its recent attacks on industrial equipment controlling water systems and other infrastructure in the U.S. and abroad.
Nozomi’s report is not the first to link hackers connected to the Iranian government with attacks on transportation firms. In 2021, when Microsoft Exchange and Fortinet vulnerabilities led to a frenzy of attacks, CISA warned that Iran-linked hackers were using them to target U.S. transportation and healthcare firms. One year earlier, Bitdefender reported that Iran-linked operatives were trying to breach aviation firms in the Middle East.