Iranian hackers have become increasingly aggressive and sophisticated, moving from disrupting and defacing American websites to engaging in cyber espionage, Silicon Valley-based cybersecurity company FireEye says, according to Reuters.
FireEye says a group called the Ajax Security Team has become the first Iranian hacking group known to use customized malicious software to launch espionage campaigns, Reuters reported.
Ajax is behind an ongoing series of attacks on U.S. defense companies and has also targeted Iranians who are trying to circumvent Tehran's Internet censorship efforts, FireEye said on Tuesday, according to Reuters.
Many security experts have said Iran is behind a series of denial-of-service attacks that have disrupted the online banking operations of major U.S. financial institutions over the past few years, Reuters reported.
FireEye said Ajax was formed by two hackers known as "HUrr!c4nE!" and "Cair3x" and began by defacing websites, according to Reuters. The group became increasingly political after Stuxnet.
"I've grown to fear a nation state that would never go toe-to-toe with us in conventional combat that now suddenly finds they can arrest our attention with cyber attacks," Michael Hayden, former director of the CIA and the National Security Agency, told the Reuters Cybersecurity Summit on Monday.
Since the Stuxnet attack on Tehran's nuclear program in 2010, security experts say Iranian hackers have stepped up their campaigns against foreign targets, according to Reuters. The Stuxnet computer virus is widely believed to have been launched by the United States and prompted Iran to ramp up its own cyber programs.
FireEye researcher Nart Villeneuve said his company is monitoring several Iranian hacking groups and that Ajax seems to have the most advanced methods, Reuters reported.
In one recent campaign, the Ajax hackers infected computers of U.S. defense companies by sending emails and social media messages to attendees of the IEEE Aerospace Conference and directing them to a fake website called aeroconf2014.org, which was tainted with malicious software, FireEye said, according to Reuters.
FireEye declined to name the companies that were targeted and said that it had not been able to determine what data might have been stolen, Reuters reported. The Ajax hackers used malicious software dubbed "Stealer" that sought to collect data about compromised computers and record keystrokes, according to FireEye.
Villeneuve said FireEye had also uncovered evidence that Ajax engaged in credit card fraud, which suggests the hackers were not under the direct control of the Iranian government, according to Reuters.