Security experts have warned that hackers from the Middle East are travelling to Eastern Europe to learn their trade from cyber-criminals there, before launching their own attacks on a variety of targets.
US-based darknet intelligence provider Norse detailed in a blog post several cases it has uncovered to support this theory.
The first describes the exchange of exploit and target data between the Iran-based Ashiyane Digital Security Team (ADST) and Romania’s largest hacker community, the Romanian Security Team (RST).
It explained:
“A series of posts on the RST forum announced a list of compromised Simple Message Text Protocol (SMTP) systems. Six months later, a large volume of the same compromised systems appeared in a post on the ADST forum from a hacker known to operate in France. Some of the compromised SMTP systems were identified by Norse as used in phishing campaigns as well as other malicious activity.”
Another case involves a suspected member of the Middle East Cyber Army (MECA), who is thought to have attacked over 3,500 sites and was finally captured by the Bulgarian authorities in July.
The 21-year-old Syrian hacktivist is thought to have been studying in the country at the time of the attacks, although it isn’t clear who trained him.
Norse warned that hackers from the Middle East would continue to develop their skills thanks to help from counterparts in Europe.
“As their numbers, interests and skills grow, the dangers also increase the likelihood of a natural evolution from website defacement and Denial of Service (DoS) activities to truly worrisome cyber-terrorism activities capable of destroying infrastructure and putting real lives at risk,” it added.
Cyber-criminals from the Middle East are gaining an increasingly fearsome reputation, ranging from the headline-grabbing hacktivism of the Syrian Electronic Army to the serious state-sponsored campaigns backed by Iran and others.
Threat intelligence firm Cylance even described Iran as “the new China” in a report last December which revealed the existence of Operation Cleaver, a new information-stealing APT campaign targeting multiple industries in 16 countries.