Iranian Chafer APT Group operate against Kuwait and Saudi Arabia

May 31, 2020
iranian Chafer APT group targets kuwait saudiarabia compressor

Middle East Espionage

Bitdefender had released their recent analysis report today for the latest crime they were able to pin down. They were able to name the fraudster the Chafer APT (also known as APT39 or Remix Kitten), which many believed to be a country backed hacker of the Iranian government. The group has been active since 2014 and has been targeting prominent industries in different countries in the Middle East.

Their signature protocol of hacking is through email phishing scams, which mainly lures high ranking officials of the targeted industry. Once they were able to gain access to the system, they can extract not only sensitive information of the employees but also vital information of its customers. They do also have the capability of creating a user account within the network and elevate their access. With admin access, it will enable them to sneak through the system under the radar of any anti-malware protection program. The attack method proved to be efficiently true since a compromised system has been undiscovered for more than a year and a half since 2018. It is noticeable that the attacks have been recorded persistent during Fridays and Saturdays, due to lax security as their culture considers the days as rest days.


Evidence from the victims

The reports named that they have targeted Kuwait and Saudi Arabia. Pieces of evidence show that they used multiple tools to be successful in their infiltration campaign. Tools vary from custom-built backdoor programs, brute force hacking protocol, and command and control applications to gain access to vast sensitive information to many systems that they have compromised. Uncovering this report has proved that the Iranian government never ceased to outwit possible competition to gather classified intel within its region. Citing this advantage will give them an edge to respond proactively to any threat that may arise against them.

The Chafer APT targeted industries are telecommunications and travel industries for both mentioned countries. Being known to stored many people’s credentials, this is a wise choice to gather vast intelligence for their espionage plan. Furthermore, Kuwait was more vulnerable to these attacks compared to Saudi Arabia as the latter has a highly sophisticated fraud protection program installed on most of their systems.


The Expose – What to do in the future

Exposing this aggravating circumstance in the Middle East was just citing an example that this type of intel-gathering is happening in reality. Cyber attacks must teach us to persevere to be more vigilant and cautious about possible cyber attacks. Hackers are commonly targeting large industries as they hold sensitive information. Businesses must continuously stay proactive to keep up with the latest news about breaches and leakage and, more importantly, should invest in a more sophisticated security system.


About the author

Leave a Reply