By SANDEEP SINGH GREWAL/GULF DAILY NEWS
Manama, Bahrain (Tribune News Service) - A group of “highly active” hackers based in Iran has been found to be trying to steal vital information from governments in the Middle East.

The group, dubbed "Leafminer," has attacked networks in Saudi Arabia, the UAE, Qatar, Kuwait, Bahrain, Egypt, Israel and Afghanistan, according to a report issued by US cyber security firm Symantec.

However, an Information and eGovernment Authority (iGA) spokesman told the GDN yesterday “no indication was found up until now that Leafminer targeted the portal or any systems managed by IGA.”

The cyber espionage group’s targets include the “energy, telecommunications, financial services, transportation and government” sectors.

The means of intrusion used to infiltrate target networks consisted of planting malware on websites often visited by the users, known as watering hole style attacks, and brute-force login attempts, which involve trying numerous passwords in the hope of eventually breaching the network.

“Symantec has uncovered the operations of a threat actor named Leafminer that is targeting a broad list of government organizations and business verticals in various regions in the Middle East,” stated a threat intelligence report by Symantec.

Operations reportedly began in early 2017 but have increased since the end of last year.

“Leafminer is a highly active group, responsible for targeting a range of organizations across the Middle East.

“The group appears to be based in Iran and seems to be eager to learn from, and capitalize on, tools and techniques used by more advanced threat actors.”

The report also said an investigation into Leafminer revealed a list, written in Farsi, of 809 systems targeted by the hackers.