A believed-Iranian hacking group nicknamed Chafer that previously focused on domestic surveillance has been turned loose on the international air transport industry, according to a new report from Symantec.
The bottom line: Iran has other options in its cyber offensive, including more sophisticated government-lead groups. But with this rapid expansion of Chafer's portfolio, "[m]ore then likely, their mandate will broaden in the next few years," said Symantec Technical Director Vikram Thakur.
The details: Chafer, first identified in 2015 by Symantec, appears to date back to 2014, said Thakur. But Chafer's relatively bare-bones attacks were largely focused on targets within Iranian borders. In 2017, the group pivoted its attention to espionage in Israel, Jordan, Saudi Arabia, Turkey and the U.A.E.
The intrigue: Thakur believes this is an escalation of responsibilities for the group, which he stressed was not particularly sophisticated. Chafer's victims appear to be centered around airlines and their equipment and software providers. Chafer also attacked telecom firms with aerospace clients, although it is unclear whether the goal was those clients or the telecom firms themselves.
