It has been reported that one of Iran’s most active hacker groups appears to have shifted focus. Rather than targeting only standard IT networks, the group is going after the physical control systems used in electric utilities, manufacturing, and oil refineries. At the CyberwarCon conference today, a Microsoft security researcher plans to present new findings that show this shift in the activity of the Iranian hacker group APT33, also known by the names Holmium, Refined Kitten, or Elfin.
Commenting on this, Sam Curry, chief security officer at Cybereason, said, “Microsoft’s research into APT33’s recent targeting of industrial control systems reminds us that in the great cyber game, it’s about using peacetime to build ‘optionality’; amass assets, resources and access. The Iranian cyber forces are masters of this, and seeing increases in the cold war that is cyber conflict, it makes sense that they would continue to grow what’s worked in the past: expand penetration of weak networks with high access, produce tools for use in the ecosystem of cyber aggressors and build capacity.”