First Published: 2017-08-13

Investigation uncovers Iran-backed cyber-espionage group in MENA region
CopyKittens’ activities mostly centred on espionage of strategic targets, particularly Saudi Arabia, Jordan, Turkey, Israel, Germany and the United States.
Middle East Online

By Mohammed Alkhereiji - LONDON

Increased activities.

The Iran-backed cyber-es­pionage group CopyKit­tens has increased activi­ties, launching attacks on governments, defence companies and academic institu­tions in support of Tehran’s politi­cal agenda, a report said.

An investigative study by Israeli firm ClearSky Cybersecurity and Trend Micro called Operation Wilted Tulip traced CopyKittens’ activities to 2013, shedding light on its work patterns and possible motivations.

The report revealed that CopyKit­tens’ activities mostly centred on espionage of strategic targets, particularly Saudi Arabia, Jordan, Turkey, Israel, Germany and the United States.

The group extracted informa­tion from government organi­sations, academic institutions, online news sites and NGOs with the objective of gathering “as much information and data from target organisations as possible,” the report said.

CopyKittens used rudimen­tary techniques, such as phish­ing, malicious e-mail attach­ments and, more recently, watering hole attacks to gather information.

“It’s more that the methods they are using are efficient. They are getting out the data that they need to,” said Robert McArdle, director of research at Trend Micro, adding that the group’s lack of refinement makes it relatively easy to track CopyKit­tens’ activities compared to more sophisticated campaigns that could go on for years without being detected.

McArdle said CopyKittens’ meth­ods are of the more traditional vari­ety, using exploits to take advantage of out-of-date systems, so if the user is missing updates or patches, an automatic infection is more likely. A lot of the group’s attacks go after the most vulnerable parts of any organisation — humans.

“In any computer network secu­rity chain, the weakest link in always the human element,” said Iyad Barakat, a London-based digital analyst.

“Groups more sophisticated than CopyKittens will try to target the human element in the chain, using techniques like a watering hole attack to simply extract passwords because these methods save them time, effort and usually have a higher success rate than the more sophisticated ones.”

McArdle said an effective method to gain the human element’s trust is a social engineering campaign, which uses a number of psycho­logical tricks to get the information needed to access a computer net­work.

“Social engineering is relatively quick and easy to do in terms of setting up fake e-mail accounts or fake Facebook accounts or which­ever social networking profile you are going with,” McArdle said, add­ing that effort is required to manage these resources and accounts.

Social engineering can’t be stopped with traditional protection methods, said David Emm, principal security researcher at Kaspersky Lab.

“Social engineering works and even if businesses have the right protection, without the right staff education they can fall victim,” Emm said. “Awareness is low in the Middle East as generally Western businesses have had longer to grapple with such issues.”

One effective trick that CopyKittens used, McArdle said, is reaching important tar­gets through other compromised accounts. Once CopyKittens gained access to an e-mail account in an organisation, it would not immediately try to take over higher-level targets in the company but log on and wait for a natural conversation to start between the person whose account it controls and the target. It might then reply to an e-mail thread, saying: “You might want to open this link.”

During the Gulf Information Secu­rity Expo and Conference in May in Dubai, experts urged for more cybersecurity cooperation between countries in the Gulf Cooperation Council. The Middle East cyber-security market is projected to grow to $22.14 billion by 2022, with Saudi Arabia expected to contribute the largest share.

Mohammed Alkhereiji is the Arab Weekly’s Gulf section editor.

This article was originally published in The Arab Weekly.


US says Iran supplied ballistic missile to Yemen rebels

UN 'appalled' at mass execution of jihadists in Iraq

Palestinians call for protests against Pence Jerusalem visit

Over half Syrian refugees in Lebanon live in 'extreme poverty'

Palestinian activist killed in Gaza protests

Palestinian billionaire detained in Saudi Arabia

Egypt opens Rafah crossing for four days

Turkey court releases 7 suspects in New Year attack trial

Foreign fighters a worry as IS struggles to survive

Palestinians killed in continuing protests over Jerusalem occupation

Bourita: Extraordinary meeting between ECOWAS, Morocco to be held beginning of 2018

Saudi-led air strikes, clashes as Yemen forces battle rebels

Sahel force funding shows terrorism fight is Saudi 'priority'

Iraq's Sistani says Hashed should be under government control

Middle-class Egypt adapts as costs soar

Somalia's budget meets IMF terms

Israel PM questioned in graft probe

Lebanon approves bid for oil, gas exploration

US to present 'irrefutable evidence' of Iran violations

Istanbul 'to remove Gulen links' from street names

Iraq hangs 38 jihadists

Pence to visit Middle East despite controversy

Hamas chief calls for continued Jerusalem protests

EU to repatriate 15,000 migrants from Libya in two months

Syria Kurds fear US ally will desert them after IS defeat

Israeli drugmaker Teva to cut 14,000 jobs over two years

Turkey rescues 51 migrants stranded on rocks

Saudi, UAE hold talks with Yemen Islamists

18 killed after bomber strikes Mogadishu police academy

Israeli air strikes target Hamas military facilities

US-led air strikes kill 23 civilians in Syria

Israel union calls nationwide strike over pharmaceutical giant job cuts

UN envoy urges Putin to press Assad for elections

Yemen's Huthi rebels release pro-Saleh media staff

Israel intelligence minister invites Saudi prince to visit

Saudi-led strikes kill 30 in rebel-run Yemen prison

Saudi king says Palestinians have 'right' to Jerusalem

Erdogan urges world to recognise Jerusalem as Palestinian capital

Saudi King says determined to confront corruption

South Sudan needs $1.7 billion humanitarian aid in 2018

UAE oil giant floats 10 percent of retail arm to strong interest

US skeptical about Putin's declaration of military victory in Syria

Growing concern about rise of far-right in Austria

Saudi, UAE seeks to help West Africa fight terrorism

Somali journalist dies after Mogadishu bombing