An Iranian flag in Tehran. Photo: Kaveh Kazemi / Getty Images

The U.S. recently indicted members of an Iranian government contractor for hacking universities and companies to steal research. Cybersecurity firm Mandiant, which highlighted Iran as a growing force in 2017 in an annual report released today, has seen an uptick in Iranian hackers, believed to be government-affiliated, stealing intellectual property from businesses.

Why it matters: Once among the world's most amateurish cyber-powers, Iran has become a mature, aggressive player in digital espionage.

"It seemed like we were investigating attacks from Iran more than anything else,"
— Charles Carmakal, Vice President of Mandiant, tells Axios.

Carmakal also speculates that the stolen IP may be used to help Iranian companies create more impressive products.

The current status: Mandiant and its parent company, FireEye, named three new advanced persistent threats (APTs) from Iran in 2017. APTs are campaigns that target specific victims with consistent, sophisticated, and patient attacks rather than the one-off victims or victims of opportunity chosen by most hackers.

The background: "We used to joke around 2010 that Iran looked a lot like Anonymous," said Carmakal. Around that point the Iranian threat was limited to denial-of-service attacks.

  • Later, as Iran began to develop its own tools, researchers noted that Iranian agents would place hacker pseudonyms in source code or claim credit for defacing websites — not the secure, quiet, unattributable hacking used by most nations.
  • "We saw some nations that needed to mature, but nothing as bad as Iran," said Carmakal, though he says Iranian attacks have shown drastic improvement.

Important note: These groups, believed to be Iranian, are known for destructive cyber attacks within the Middle East, but they do not appear to be conducting destructive attacks in the United States.
