Iranian hackers unleash malware against aviation, petrochem industries — cybersecurity firm

Stuart Davis, a director at one of FireEye's subsidiaries, speaks to journalists about the techniques of Iranian hacking on Wednesday, Sept. 20, 2017, in Dubai, United Arab Emirates. A new report by FireEye, a cybersecurity firm, warned that a suspected group of hackers in Iran is targeting the aviation and petrochemical industries in Saudi Arabia, the US and South Korea. (AP Photo/Kamran Jebreili)
Updated 20 September 2017

DUBAI: A group of hackers suspected of working in Iran for its government is targeting the aviation and petrochemical industries in Saudi Arabia, the US and South Korea, a cybersecurity firm warned Wednesday.
The report by FireEye also said the suspected Iranian hackers left behind a new type of malware that could have been used to destroy the computers it infected, an echo of two other Iran-attributed cyberattacks targeting Saudi Arabia in 2012 and 2016 that destroyed systems.
Iran’s office at the United Nations did not immediately respond to a request for comment Wednesday and its state media did not report on the claims. However, suspected Iranian hackers have long operated without caring whether they were identified or whether there would be consequences, making them incredibly dangerous, said Stuart Davis, a director at one of FireEye’s subsidiaries.
“Today, without any repercussions, a neighboring country can compromise and wipe out 20 institutions,” Davis said.
FireEye, which often works with governments and large corporations, refers to the group as APT33, an acronym for “advanced persistent threat.” APT33 used phishing e-mail attacks with fake job opportunities to gain access to the companies affected, faking domain names to make it look like the messages came from Boeing Co. or defense contractors.
The hackers remained inside the systems of those affected for “four to six months” at a time, where they were able to steal data, and left behind the malware that FireEye refers to as Shapeshifter. The code contains references in Farsi, the official language of Iran, FireEye said.
Timestamps in the code also correspond to hackers working from Saturday to Wednesday, the Iranian workweek, Davis said. The programs used in the campaign are popular with Iranian coders, servers were registered via Iranian companies and one of the spies appears to have accidentally left his online handle, “xman_1365_x,” in part of the code.
That name “shows up all over Iranian hacker forums,” FireEye’s John Hultquist said. “I don’t think they’re worried about being caught. ... They just don’t feel like they have to bother.”
The Associated Press was able to find other clues pointing to an Iranian nexus. One of the e-mail addresses used to register a malicious server belongs to an Ali Mehrabian, who used the same address to create more than 120 Iranian websites over the past six years.
Neither Mehrabian, who listed himself as living in Tehran, nor “xman” returned e-mails seeking comment.
Iran developed its cyber capabilities in 2011 after the Stuxnet computer virus destroyed thousands of centrifuges involved in Iran’s contested nuclear program. Stuxnet is widely believed to be an American and Israeli creation.
Iran is believed to be behind the spread of Shamoon in 2012, which hit Saudi Arabian Oil Co. and Qatari natural gas producer RasGas. The virus deleted hard drives and then displayed a picture of a burning American flag on computer screens. Saudi Aramco ultimately shut down its network and destroyed over 30,000 computers.
A second version of Shamoon raced through Saudi government computers in late 2016, this time having the destroyed computers display a photograph of the body of 3-year-old Syrian boy Aylan Kurdi, who drowned fleeing his country’s civil war. Suspicion again fell on Iran.
FireEye’s report said it believed APT33 “is likely in search of strategic intelligence capable of benefiting a government or a military sponsor.”
High on the list of any potential suspects within Iran would be its paramilitary Revolutionary Guard. US prosecutors in March 2016 accused hackers associated with Guard-linked companies of attacking dozens of banks and a small dam near New York City. Hackers linked to the Guard also have been suspected of targeting the e-mail and social-media accounts of Obama administration officials.
___
Associated Press writer Raphael Satter in Paris contributed to this report.


Gaza aid surge having an impact but challenges remain


JERUSALEM: Hundreds of truckloads of aid have entered Gaza since the Israel-Hamas ceasefire began last weekend, but its distribution inside the devastated territory remains an enormous challenge.
The destruction of the infrastructure that previously processed deliveries and the collapse of the structures that used to maintain law and order make the safe delivery of aid to the territory's 2.4 million people a logistical and security nightmare.
In the final months before the ceasefire, the few aid convoys that managed to reach central and northern Gaza were routinely looted, either by desperate civilians or by criminal gangs.
Over the past week, UN officials have reported "minor incidents of looting" but they say they are hopeful that these will cease once the aid surge has worked its way through.
In Rafah, in the far south of Gaza, an AFP cameraman filmed two aid trucks passing down a dirt road lined with bombed out buildings.
At the first sight of the dust cloud kicked up by the convoy, residents began running after it.
Some jumped onto the truck's rear platforms and cut through the packaging to reach the food parcels inside.
UN humanitarian coordinator for the Middle East Muhannad Hadi said: "It's not organised crime. Some kids jump on some trucks trying to take food baskets.
"Hopefully, within a few days, this will all disappear, once the people of Gaza realise that we will have aid enough for everybody."
In central Gaza, residents said the aid surge was beginning to have an effect.
"Prices are affordable now," said Hani Abu al-Qambaz, a shopkeeper in Deir el-Balah. For 10 shekels ($2.80), "I can buy a bag of food for my son and I'm happy."
The Gaza spokesperson of the Fatah movement of Palestinian president Mahmud Abbas said that while the humanitarian situation remained "alarming", some food items had become available again.
The needs are enormous, though, particularly in the north, and it may take longer for the aid surge to have an impact in all parts of the territory.
In the hunger-stricken makeshift shelters set up in former schools, bombed-out houses and cemeteries, hundreds of thousands lack even plastic sheeting to protect themselves from winter rains and biting winds, aid workers say.
In northern Gaza, where Israel kept up a major operation right up to the eve of the ceasefire, tens of thousands had had no access to deliveries of food or drinking water for weeks before the ceasefire.
With Hamas's leadership largely eliminated by Israel during the war, Gaza also lacks any political authority for aid agencies to work with.
In recent days, Hamas fighters have begun to resurface on Gaza's streets. But the authority of the Islamist group which ruled the territory for nearly two decades has been severely dented, and no alternative administration is waiting in the wings.
That problem is likely to get worse over the coming week, as Israeli legislation targeting the lead UN aid agency in Gaza takes effect.
Despite repeated pleas from the international community for a rethink, the UN Relief and Works Agency for Palestine Refugees (UNRWA), which has been coordinating aid deliveries into Gaza for decades, will be effectively barred from operating from Tuesday.
UNRWA spokesman Jonathan Fowler warned the effect would be "catastrophic" as other UN agencies lacked the staff and experience on the ground to replace it.
British Foreign Secretary David Lammy warned last week that the Israeli legislation risked undermining the fledgling ceasefire.
Brussels-based think tank the International Crisis Group said the Israeli legislation amounted to "robbing Gaza's residents of their most capable aid provider, with no clear alternative".
Israel claims that a dozen UNRWA employees were involved in the October 2023 attack by Hamas gunmen, which started the Gaza war.
A series of probes, including one led by France's former foreign minister Catherine Colonna, found some "neutrality related issues" at UNRWA but stressed Israel had not provided evidence for its chief allegations.


Israel to UN: Palestinian relief agency UNRWA must leave Jerusalem by Jan. 30

Updated 24 January 2025

  • A law banning UNRWA’s contact with Israeli authorities takes effect on Jan. 30

JERUSALEM: The UN Palestinian relief agency UNRWA must “cease its operations in Jerusalem, and evacuate all premises in which it operates in the city” by Jan. 30, Israel’s UN envoy told UN Secretary-General Antonio Guterres in a letter on Friday.
A law banning UNRWA’s operation on Israeli land and contact with Israeli authorities takes effect on Jan. 30. Israel annexed East Jerusalem in a move not recognized abroad.


Hamas buries 2 leaders slain in Israel strike in Gaza months ago

Updated 24 January 2025

GAZA CITY: Two senior Hamas members, whom Israel said it had killed months ago, were buried in Gaza on Friday after their remains were discovered under rubble during the truce, AFP journalists reported.
Hundreds of people attended the funerals of Rauhi Mushtaha and Sami Mohammad Odeh during Friday prayers in the courtyard of the Omari mosque, a historic landmark in the heart of Gaza City that has been heavily damaged by Israeli bombing.
The bodies, draped in the green flag of Hamas, were carried on stretchers from the mosque to their burial site, accompanied by around 16 masked members of the Ezzedine Al-Qassam Brigades, the armed wing of the Palestinian Islamist group.
The Israeli army announced in early October that it had “eliminated” Mushtaha and Odeh along with another Hamas leader “about three months earlier” during an air strike in the Gaza Strip.
Mushtaha, designated an “international terrorist” by the United States in 2015, was a member of Hamas’s political bureau in Gaza, responsible for finances.
Odeh was the head of Hamas’s internal security agency.
Hamas officially acknowledged their deaths in a statement on Sunday, saying that they had fallen as “martyrs.”


ADNOC shipping rules out quick return to Red Sea, CEO says

Updated 24 January 2025

DUBAI: Red Sea shipping remains risky despite the Gaza ceasefire and an announcement by Houthis to limit attacks, according to the CEO of Abu Dhabi National Oil Company’s logistics and shipping arm.
Shipping executives remain cautious about a return to the Red Sea, given the risk to seafarers, cargo, and their assets.
Houthis have carried out more than 100 attacks on ships since November 2023, resulting in most shipping companies diverting vessels away from the Suez Canal to use the longer route around southern Africa instead.
“As we speak today, we cannot say it’s almost completely gone, and it’s a go-ahead for all the fleet to go inside the Red Sea. As I said, there is a people side to it, so we cannot risk our people going there while there may be a fragile ceasefire now,” said ADNOC Logistics & Services CEO Abdulkareem Al-Masabi.
Danish shipping company Maersk said on Friday it would continue to reroute around Africa via the Cape of Good Hope until safe passage through the Red Sea and Gulf of Aden area was ensured for the longer term.
The Houthis will limit their attacks on commercial vessels to Israel-linked ships provided the Gaza ceasefire is fully implemented.
However, they have conditioned their halt in attacks on US or UK-linked shipping with various provisos, which has added to caution on any return, shipping and insurance sources say.
The Houthis on Wednesday freed the crew of the Galaxy Leader, a vessel that the militia seized more than a year ago.
In another development, the UN has suspended all travel into areas held by Houthis after the militia detained more of their staff.
The Houthis have already detained UN staffers, as well as individuals associated with the once-open US Embassy in Sanaa and aid groups.
“Yesterday, the de facto authorities in Sanaa detained additional UN personnel working in areas under their control,” the UN statement read.
“To ensure the security and safety of all its staff, the United Nations has suspended all official movements into and within areas under the de facto authorities’ control.”
Before Friday, the UN had a total of 16 Yemeni staff in Houthi detention.
Staffers were trying to get a headcount across the UN agencies working in the country and had halted their work, which provides food, medicine, and other aid to the impoverished nation.
In June, the UN acknowledged the Houthis detained 11 Yemeni employees under unclear circumstances as the militia increasingly cracked down on areas under their control.
Several dozen others from aid agencies and other organizations are also held.
The UN added that it was “actively engaging with senior representatives” of the Houthis.

 


Sudan army breaks paramilitary siege on key base: military source

Updated 24 January 2025

PORT SUDAN: The Sudanese army broke a paramilitary siege on one of its key Khartoum-area bases on Friday, paving the way to also freeing the besieged military headquarters, a military source said.
The paramilitary Rapid Support Forces (RSF) had since the outbreak of the war with Sudan’s army in April 2023 encircled both the Signal Corps in Khartoum North and the General Command of the Armed Forces, its headquarters just south across the Blue Nile river.
“Our forces were able to lift the siege on the Signal Corps,” the source in the Sudanese army told AFP.
With a months-long communications blackout in place, AFP was not able to independently verify the situation on the ground.
The RSF could not be immediately reached for comment.
“This victory opens the way to link our forces in Bahri (Khartoum North) with our forces in the General Command,” the military source said, requesting anonymity because he was not authorized to speak to the media.
A military source had previously told AFP the army was advancing closer to Khartoum North following days of military operations aimed at dislodging the RSF from fortified positions in the city.
This comes around two weeks after the army reclaimed the Al-Jazira state capital Wad Madani, just south of Khartoum, securing a key crossroads between the capital and surrounding states.
The army and the RSF had seemed to be in a stalemate since the military nearly a year ago seized control of Omdurman — Khartoum’s twin city on the west bank of the Nile.
RSF has controlled Khartoum North on the east bank.
They have regularly exchanged artillery fire across the river, with civilians reporting bombs and shrapnel often hitting homes.
The military source said Friday’s advance “will secure Omdurman from the artillery shelling launched from Bahri.”
Seizing the General Command would signal a major shift for the army, securing its positions in all three districts of the capital.
Since the early days of the war, when the RSF quickly spread through the streets of Khartoum, the military has had to supply its forces inside the headquarters via airdrops.
Army chief Abdel Fattah Al-Burhan was himself trapped inside for four months, before emerging in August 2023.
Khartoum and its surrounding state have been torn apart by the war, with 26,000 people killed between April 2023 and June 2024, according to a report by The London School of Hygiene & Tropical Medicine.
Entire neighborhoods have been emptied out and taken over by fighters as at least 3.6 million people fled the capital, according to United Nations figures.
Across the northeast African country, the war has claimed tens of thousands of lives and uprooted more than 12 million people in what the United Nations calls the world’s largest internal displacement crisis.
Famine has been declared in parts of Sudan but the risk is spreading for millions more people, a UN-backed assessment said last month.
Before leaving office on Monday, the administration of United States president Joe Biden sanctioned Sudanese army chief Abdel Fattah Al-Burhan, accusing the army of attacking schools, markets and hospitals and using food deprivation as a weapon of war.
That designation came about one week after Washington sanctioned RSF leader Mohammad Hamdan Dagalo and said his forces had “committed genocide.”