An Iranian hacking group has moved from politically motivated website defacements to a new specialty – cyberespionage.
The group known as the Ajax Security Team has been outed as the perpetrator of a number of espionage operations against U.S.-based defense contractors, in addition to targeting Iranians who use software that bypasses the country’s Internet filters.
Security company FireEye reported today that the Ajax Security Team uses custom-built malware in its attacks, and is adept at social engineering as a means of infecting targets.
“The transition from patriotic hacking to cyber espionage is not an uncommon phenomenon. It typically follows an increasing politicization within the hacking community, particularly around geopolitical events,” researchers Nart Villeneuve, Ned Moran, Thoufique Haq and Mike Scott wrote today. “This is followed by increasing links between the hacking community and the state, particularly military and/or intelligence organizations.”