FireEye has uncovered evidence of a hacking organization that has been operating since 2009 and has primarily targeted both Iranian dissidents and U.S. defense businesses.
Dubbed “Ajax Security Team,” the hacker group intensified the level of its cyber activity from defacing several websites to conducting espionage operations, FireEye said Tuesday.
Hackers also took aim at Iranians who use anti-censorship tools Proxifier and Psiphon, which are designed to bypass the nation’s web filtering system.
“We have witnessed not only growing activity on the part of Iranian-based threat actors, but also a transition to cyber-espionage tactics,” said Nart Villeneuve, FireEye senior threat intelligence researcher.
“We no longer see these actors conducting attacks to simply spread their message, instead choosing to conduct detailed reconnaissance and control targets’ machines for longer-term initiatives,” Villeneuve added.
The company found that Ajax uses private malware tools and social engineering methods to infect their targets’ systems.
A FireEye analysis of data on the group’s 77 victims indicates that mostly had their computers set to Iran Standard Time and Persian default language.