A newly detailed espionage group is breaching the telecom and travel industries in a likely attempt to surveil individuals, according to a new report by FireEye.
Why it matters: FireEye, which has dubbed the group APT 39, believes the group is Iranian. This would be the first Iranian hacker group to focus on personal information. Others have conducted destructive attacks on industry, along with general espionage or influence campaigns.
The new group has been active since at least 2014 and primarily targets Middle Eastern victims, though the U.S., Europe and Australia have seen some activity as well.
- FireEye has been tracking the group since December.
- The group appears to have a secondary focus on more traditional espionage against governments.
FireEye has "moderate confidence" the group is Iranian, based on the infrastructure and timing of attacks, the choice of victims, and similarities to another Iranian group, APT 34.
