Skip to main content

A group of suspected Iranian hackers have been targeting aviation and energy firms in the U.S., Saudi Arabia and South Korea in a series of cyber espionage missions since at least 2013, cybersecurity company FireEye Inc. (FEYE) said in a report Wednesday, Sept. 20.

The Iranian hacker group, which FireEye is calling ATP33, is thought to work "at the behest of the Iranian government."

FireEye researchers believe the group is targeting companies to gain information that can enhance Iran's domestic aviation capabilities, support Iran's military strategy and boost Iran's petrochemical firms competing with other countries.

FireEye researchers also found evidence of data-destroying missions aimed at wiping disks, erasing volumes and deleting files on the servers of company networks. There was no evidence that the data-destroying malicious software, called SHAPESHIFT, has yet been used, but the capability to wipe information appeared present.

ATP33's focus appears to be commercial and military aviation companies and energy firms involved in petrochemical production. The hackers have used job recruitment phishing emails to target high-level employees of both an unnamed U.S. aerospace company and an unnamed Saudi Arabian business conglomerate with aviation holdings.

Hackers have used multiple internet addresses to appear as if they're sending messages from companies including Boeing Co. (BA) , Northrop Grumman Corp.'s  (NOC)  Aviation Arabia, Alsalam Aircraft Co. and Vinnell Arabia.

More of What's Trending on TheStreet: