Iran seeks Russian cybercrime channels for buying malware

  • Iran attempted to purchase wiper malware from Russian underground forums
  • Russian cybercrime forums are visited by state-sponsored hacking groups, including those linked to Iran

Iran has tried to purchase wiper malware, which can help hackers irreversibly remove computer data, from Russian underground forums. Sergey Shykevich, threat intelligence expert at cyber security company Check Point, emphasized that nation states often pretend to be involved in hacktivism to maintain deniability, even if their identity is known. Russian cybercrime forums, which state-sponsored hacking groups frequent, offer various services including malware, ransomware, spam, and deepfake platforms.

Running cybercrime forums has become a lucrative business in Russia, with forums like “Exploit” having over one million messages on different subjects. The strict membership rules and vetting process in these forums aim to prevent access by security forces and researchers. The recent strengthening of ties between Tehran and Moscow has raised concerns among Western countries, with Iran-backed hackers increasing their activities following conflicts like the Israel-Hamas dispute.

In December 2023, Iran-linked hackers targeted a water facility in Ireland, leaving residents without water for two days. This incident was linked to the use of Israeli-made equipment in the facility. The cybersecurity landscape is further complicated by state-sponsored hackers leveraging tools to enhance their cyber espionage capabilities, as revealed by Microsoft.

Iran and Russia’s cooperation in information and intelligence cybersecurity has raised eyebrows, leading to increased scrutiny by Western nations and the launch of specific units to combat threats from Tehran and Moscow. As state-backed hackers continue to pose cyber threats, the need for robust cybersecurity measures becomes increasingly apparent in the international landscape.

