A significant increase in attacks on organizations within Gulf Cooperative Coalition (GCC) countries has been seen coming from Iran. It is believed that the Iranian government-supported APT33 is behind the attack campaign which ran from the 2nd to the 29th of July. The group targeted utility and insurance providers, manufacturing organizations, and educational institutes within GCC countries–including local offices of Japanese and American organizations within the GCC. The group targeted users through a sophisticated spear phishing campaign which utilized non-destructive malware to harvest sensitive information and transfer it back to servers controlled by the hackers. APT 33 carried out similar operations ahead of negotiations for the 2015 nuclear deal and it is believed that this campaign is likely being carried out in response to President Trump’s decision to pull out of the Iranian Nuclear deal and re-impose sanctions on Iran.
