Cyber firm says Iranian-linked espionage group targeting telecom, high-tech industries

Cybersecurity firm FireEye announced Tuesday that it has added the newly identified group called APT39 to its growing list of advanced persistent threats.

"APT39’s focus on personal information likely supports the planning, monitoring, and tracking of intelligence operations that serve Iran’s national priorities," Benjamin Read, FireEye's senior manager of Cyber Espionage Analysis, said in a statement.

"Targeting data supports the belief that APT39's key mission is to track or monitor targets of interest, collect personal information, including travel itineraries, and gather customer data from telecommunications firms," the firm's latest report states.

The espionage group's cyber heists are hitting a series of targets, according to FireEye.

"In contrast, other Iranian groups generally target traditional government and commercial information and support disruptive attacks," Read's statement says.

Despite this, FireEye said APT39 appears to be working to advance Iranian state interests because its toolset overlapped with other groups previously linked to the country –– although the firm does not go so far as to say it is state-sponsored activity.

"We have moderate confidence APT39 operations are conducted in support of Iranian national interests based on regional targeting patterns focused in the Middle East, infrastructure, timing..." the report says.

The release of the report comes on the same day that U.S. intelligence leaders unveiled their latest "Worldwide Threat Assessment" and addressed such cyber threats during a Senate Intelligence Committee hearing.

The intelligence assessment warns that Iran continues to "present a cyber espionage and attack threat" to the U.S. and its allies.

"Iran uses increasingly sophisticated cyber techniques to conduct espionage; it is also attempting to deploy cyber attack capabilities that would enable attacks against critical infrastructure in the United States and allied countries," the intelligence report warns.

U.S. officials described in the report how Iran has sophisticated capabilities and could cause major disruptions for a large company -- from days to weeks.

Iran is also preparing to launch cyber attacks against the U.S. and its allies, the report warns, with Iranian-linked hackers going after officials who work for the U.S. government as well as other government entities in order to "gain intelligence and position themselves for future cyber operations."

While intelligence officials have long warned about Iran as a cyber threat, scrutiny of Tehran's digital operations spiked after it was found copying Russia's playbook from the 2016 elections: using social media platforms to target and influence the U.S. as well as allied audiences.

Tensions between Washington and Tehran have become more strained since President Trump decided last year to withdraw from the Obama-era Iran nuclear deal. The deal, formally known as the Joint Comprehensive Plan of Action (JCPOA), aimed to alleviate financial pressure on Iran in exchange for the country halting its nuclear weapons program.

Director of National Intelligence Dan Coats on Tuesday revealed that the intelligence community found that Iran is not currently developing its nuclear weapons capabilities, but Iranian officials are threatening to begin building up the country’s nuclear capabilities if Tehran “does not gain the tangible trade and investment benefits it expected from the deal."