An Iranian hacking group is expanding operations in the Middle East, report says

  • An Iran-based hacking group, called Chafer, is expanding its spying operations in the Middle East, according to a new report from Symantec.
  • The cybersecurity firm said that last year Chafer attacked organizations in Israel, Jordan, Saudi Arabia, Turkey and the United Arab Emirates.
  • Cybersecurity experts previously pointed to the growing sophistication of Iran's cyber-espionage capabilities, following a 2011 cyberattack that destroyed computer-controlled equipment at the country's Natanz uranium enrichment facility.

An Iran-based hacking group that in the past has conducted domestic surveillance is turning its gaze outward across the Middle East, according to a new report from Symantec.

The cybersecurity firm said that last year the group attacked organizations in Israel, Jordan, Saudi Arabia, Turkey and the United Arab Emirates. Some of the sectors the group, known as Chafer, has targeted include airlines, aircraft services, telecom firms, and technology companies serving the air and sea transport sectors.

'Heightened ambitions'

"The group staged a number of ambitious new attacks last year, including the compromise of a major telecoms services provider in the region," Symantec researchers said in the report.

"There is also evidence that it attempted to attack a major international travel reservations firm," the report added, pointing to the group's "heightened ambitions." Symantec said it also found evidence of attacks against an African airline.

Chafer, according to the report, appears to be primarily engaged in surveillance and tracking of individuals, and most of its attacks are likely carried out to gather information on targets.

Symantec previously wrote about the group's activities in a 2015 blog post, where the firm said it mostly spied on individuals within Iran. But, the report added, the group was already targeting telecom and airline companies in the region.

Last year, Chafer employed new, mostly freely available tools to carry out its attacks. One of those tools was also used during the WannaCry and Petya ransomware attacks, according to Symantec.

In recent years, cybersecurity experts have pointed to the growing sophistication of Iran's cyber-espionage capabilities, following a 2011 cyberattack that destroyed computer-controlled equipment at the country's Natanz uranium enrichment facility.

U.S. intelligence officials previously said that hackers believed to be linked to the Iranian government attacked Saudi state oil giant Aramco in 2012, successfully wiping thousands of computers and paralyzing operations.

'Attacked us repeatedly'

Security experts have further traced a number of subsequent attacks back to Iran, including hacks on Saudi, American and South Korean companies. Iran has not commented on those accusations.

In February, Saudi Foreign Minister Adel Al-Jubeir told CNBC that Iran was "the most dangerous nation" for cyber threats.

"Iran is the only country that has attacked us repeatedly and tried to attack us repeatedly," Al-Jubeir said. "In fact, they tried to do it on a virtually weekly basis."

He added that Saudi Arabia is taking "all the steps necessary" to defend itself and training its people to "be able to engage in offensive operations to make it hopefully impossible for people to penetrate those systems."

The Iranian government has previously denied accusations of cyber-aggression. It did not respond last month to a request for a response to Al-Jubeir's comments.

— CNBC's Natasha Turak contributed to this report.