U.S. companies are bracing for a new round of Iranian cyberattacks ahead of sanctions that will be imposed on Iran in early November. The cybersecurity firm FireEye warned attacks should be expected as sanctions against Iran’s oil industry will significantly increase in early November.
Hackers aligned with the Iranian government increased cyberattacks against the U.S. in the months after U.S. President Trump canceled the nuclear agreement.
Between July 2-29, 2018, the hackers specifically targeted energy companies in the Middle East as well as companies in North America and Japan, FireEye representatives said. Those attacks were unsuccessful.
Hackers used a scheme called “spear-phishing,” where the malware masquerades as a legitimate email. The virus is used to steal user data, including login credentials, and targets a specific audience. In this case, the email was made to look like it was from a known energy company and tried to get the victim to open a link to apply for a job.
A cyberattack by Iran against the Saudi-Arabian oil giant Aramco forced the company to shut down its network and destroy 30,000 of its computers. That virus also targeted the Qarai natural gas company RasGas. It deleted hard drives and then displayed a picture of a burning American flag on computer screens.
A previous attack hit Saudi government computers in 2016.
“Whenever we see Iranian threat groups active in this region, particularly in line with geopolitical events, we have to be concerned they might either be engaged in or pre-positioning for a disruptive attack,” said Alister Shepherd, a director of a FireEye subsidiary, speaking to Associated Press.