An American security company says Iranian hackers have been engaged in a program to track potential political dissidents for at least the last year. The monitoring program uses malware to spy on computer users and may be targeting people using Tor or VPNs.
According to Symantec, the American online security company, the spying has been the work of two different but possibly related groups of hackers based in Iran:
“Two teams of Iran-based attackers have been using back door threats to conduct targeted surveillance of domestic and international targets. While the groups are heavily targeting individuals located in Iran, they’ve also compromised airlines and telecom providers in the Middle East region, possibly in an attempt to monitor targets’ movements and communications.”
The hackers are apparently using malware to gain access to their targets’ computers. It’s unclear how all of the malware is being installed, but at least some of it seems to be delivered by first hacking into Web servers, then using those servers to invade client computers that connect to them. That means that becoming infected requires only visiting certain websites.
Symantec says the groups have been active since at least mid-2014, but possibly since as early as 2011.
Perhaps most notably, there is evidence that the attacks have targeted computer users in Iran who use privacy tools or anti-censorship software. Symantec noted “a significant amount of individual targets that used anonymous proxy services to go online.” While the company did not specify which types of proxy services those users were deploying, it presumably meant tools like Tor, VPNs and possibly HTTP proxies. As the company noted, proxy services are common among Iranian Internet users.
Fortunately, Symantec says that the attacks appear not to be particularly sophisticated. It suggests that running basic security software and being wary of phishing emails should suffice to keep most potential victims safe from this type of spying.