First Published: 2017-08-13

Investigation uncovers Iran-backed cyber-espionage group in MENA region
CopyKittens' activities mostly centred on espionage of strategic targets, particularly Saudi Arabia, Jordan, Turkey, Israel, Germany and the United States.
Middle East Online

By Mohammed Alkhereiji - LONDON


The Iran-backed cyber-espionage group CopyKittens has increased activities, launching attacks on governments, defence companies and academic institutions in support of Tehran's political agenda, a report said.

An investigative study by Israeli firm ClearSky Cybersecurity and Trend Micro called Operation Wilted Tulip traced CopyKittens' activities to 2013, shedding light on its work patterns and possible motivations.

The report revealed that CopyKittens' activities mostly centred on espionage of strategic targets, particularly Saudi Arabia, Jordan, Turkey, Israel, Germany and the United States.

The group extracted information from government organisations, academic institutions, online news sites and NGOs with the objective of gathering as much information and data from target organisations as possible, the report said.

CopyKittens used rudimentary techniques, such as phishing, malicious e-mail attachments and, more recently, watering hole attacks to gather information.

"It's more that the methods they are using are efficient. They are getting out the data that they need to," said Robert McArdle, director of research at Trend Micro, adding that the group's lack of refinement makes it relatively easy to track CopyKittens' activities compared to more sophisticated campaigns that could go on for years without being detected.

McArdle said CopyKittens' methods are of the more traditional variety, using exploits to take advantage of out-of-date systems, so if the user is missing updates or patches, an automatic infection is more likely. A lot of the group's attacks go after the most vulnerable parts of any organisation - humans.

"In any computer network security chain, the weakest link is always the human element," said Iyad Barakat, a London-based digital analyst.

Groups more sophisticated than CopyKittens will try to target the human element in the chain, using techniques like a watering hole attack to simply extract passwords because these methods save them time, effort and usually have a higher success rate than the more sophisticated ones.

McArdle said an effective method to gain the human element's trust is a social engineering campaign, which uses a number of psychological tricks to get the information needed to access a computer network.

"Social engineering is relatively quick and easy to do in terms of setting up fake e-mail accounts or fake Facebook accounts or whichever social networking profile you are going with," McArdle said, adding that effort is required to manage these resources and accounts.

"Social engineering can't be stopped with traditional protection methods," said David Emm, principal security researcher at Kaspersky Lab.

"Social engineering works and even if businesses have the right protection, without the right staff education they can fall victim," Emm said. Awareness is low in the Middle East as generally Western businesses have had longer to grapple with such issues.

One effective trick that CopyKittens used, McArdle said, is reaching important targets through other compromised accounts. Once CopyKittens gained access to an e-mail account in an organisation, it would not immediately try to take over higher-level targets in the company but log on and wait for a natural conversation to start between the person whose account it controls and the target. It might then reply to an e-mail thread, saying: "You might want to open this link."

During the Gulf Information Security Expo and Conference in May in Dubai, experts urged more cybersecurity cooperation between countries in the Gulf Cooperation Council. The Middle East cyber-security market is projected to grow to $22.14 billion by 2022, with Saudi Arabia expected to contribute the largest share.

Mohammed Alkhereiji is the Arab Weekly's Gulf section editor.

This article was originally published in The Arab Weekly.

