
Iranian APT Group Targets Airliners

A previously unknown threat group of Iranian origin has been targeting the aviation industry for the past few years, including airline companies in Southeast Asia such as Malaysia Airlines, AirAsia, Philippine Airlines and Thai Airways. The espionage group, dubbed Rana, was discovered after an unknown hacker leaked a third set of documents via a user group on the Telegram app. In April, the attack toolsets of two other Iranian groups, OilRig and MuddyWater, were also exposed on Telegram. The exposed documents connect Rana to the Iranian Ministry of Intelligence, whose operational objectives include gathering strategic intelligence, developing technological capabilities, and monitoring dissidents. A typical Rana operation involves extensive reconnaissance of its target to discover open systems accessible from the Internet. The information gathered is passed to the group’s social engineering team, which develops spear phishing emails to lure users into installing malicious payloads in the target system.

[1] Iranian Nation-State APT Groups 'Black Box' Leak (PDF)

Ensign InfoSecurity Singapore
30A Kallang Place
Singapore 339213

Tel: +65 6788 2882
Fax: +65 6788 3883