US, Israel Describe Iranian Hackers’ Targeting of Olympics, Surveillance Cameras 

The US and Israel have published an advisory describing the latest activities of Iranian cyber firm Emennet Pasargad, now called Aria Sepehr Ayandehsazan.

The United States and Israel this week published a cybersecurity advisory describing the latest activities of an Iranian threat group, including attacks targeting the recent Olympics and surveillance cameras.

The FBI has been tracking this group’s activities since 2020. The threat actor is known in the private sector as Cotton Sandstorm, Marnanbridge, and Haywire Kitten, but it’s probably best known as Emennet Pasargad, the name of the company that was until recently used as a front for the group’s activities.

According to the new advisory written by the FBI, the US Department of Treasury and Israel’s National Cyber Directorate, since mid-2024 the name of the front company has been Aria Sepehr Ayandehsazan (ASA). The company, which has been legally registered in Iran, is used for finance-related and HR purposes, among others. 

Emennet Pasargad and now Aria Sepehr Ayandehsazan have officially been providing cybersecurity services within Iran, including to government organizations. However, the US government has repeatedly warned that the firm has conducted malicious cyber operations.

Charges and sanctions were announced against the company and its employees in recent years over election-focused operations, as well as cyberattacks targeting various sectors in the United States, Europe and the Middle East. 

The threat actor, which often leverages hacktivist and cybercrime group personas, is known to aim many of its attacks at Israel.

The new report from the FBI shares the group’s latest tactics, techniques and procedures (TTPs) and describes some of its recent operations.

Investigations found that Aria Sepehr Ayandehsazan set up its own cover hosting providers to manage and hide its infrastructure. Two of these providers are called Server-Speed and VPS-Agent, and they have been used to provision operational servers and for hosting websites affiliated with the terrorist organization Hamas. 

According to the FBI, one ASA operation involved contacting the family members of Israeli people taken hostage by Hamas following the October 2023 attack, “likely in an effort to cause additional psychological effects and inflict further trauma”. 

In another influence operation, ASA hacked into the systems of a US-based IPTV streaming company to spread propaganda.

In July 2024, ahead of the Summer Olympics in France, the threat actor hacked a French commercial dynamic display provider in an effort to show photo montages denouncing the participation of Israeli athletes in the Olympics.

In addition, ASA has conducted IP camera hacking, mainly targeting devices in Israel, but also in Gaza and Iran. 

“ASA made images and content from Israeli cameras available for clients to access via several servers beginning in October 2023,” the advisory noted.

The agencies also pointed out that ASA has been using various AI services to generate photos and for voice modulation. OpenAI recently revealed that Iranian hackers had used ChatGPT to plan attacks on industrial control systems (ICS). 

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
