Iran-Backed Hackers Target Airports, Carriers: Report

…
The report provides a breakdown of the skills of particular hackers identified by their nicknames, a level of detail similar to that in a report last year by the security firm Mandiant on a crack Chinese military team known as Unit 61398.

The kinds of companies cited in the Cylance report provide a map of intelligence priorities. The targets are different from those of Russian hackers, who have recently zeroed in on the Ukraine conflict, oil markets and the global financial system, and Chinese hackers, who have focused on gaining commercial secrets, according to a series of investigations.

Any data collected about global air transportation networks could be passed to militants and insurgent groups allied with Tehran, according to Reuel Marc Gerecht, senior fellow at the Foundation for Defense of Democracies and former Middle East specialist at the CIA’s Directorate of Operations.
…
According to Cylance, two of the most productive of the Iranian cyberattackers included the nicknames “Parviz” and “Nesha” in their attack code and in the passwords used to get to stolen material. Other technical indicators link to Internet space belonging to a company in Tehran, according to the report.

“The Iranian regime uses a lot of contract native talent” to develop its offensive capacity, Gerecht said.
…
Read full article here.