Iran has tried to purchase wiper malware from Russian underground forums that can help hackers irreversibly remove computer data.
Sergey Shykevich, threat intelligence expert at cyber security company Check Point, said in an interview with digital magazine Computer Weekly, “Nation states understand that to pretend to be involved in hacktivism allows them deniability … They don’t want to be accused, even if everyone knows it’s Russia or Iran”.
According to the expert, Russian cybercrime forums are often frequented by state-sponsored hacking groups, including those linked to Iran, which can spend large sums of money on buying malware as “their budgets are unlimited.”
Russian underground forums have long been one of the main sources of buying and selling malware on the Internet. Launched in 2000, “Exploit” is one such forum, containing around one million messages on more than 200,000 different subjects.
“They offer everything you could imagine … It starts with software vulnerabilities. You can rent malware, ransomware as a service and spam as a service to distribute fake phishing emails and currently even AI-related services, and deep fake platforms,” Shykevich added.
Running cybercrime forums has turned into a lucrative business in Russia. According to reports, one of the administrators of these forums recently enjoyed a $500,000 wedding ceremony in Moscow.
Computer Weekly said that Russian underground forums are “strictly members only”, with fees varying from around $60 to several thousand dollars. The forums also employ a vetting process before admitting new members in an attempt to block access by security forces or researchers.
In recent years, Tehran and Moscow have strengthened their political, military, communication, and cyber ties, prompting concerns among Western countries and their allies.
In December, the Iranian parliament approved a bill dedicated to information and intelligence cybersecurity cooperation between Tehran and Moscow.
Microsoft disclosed in February that state-backed hackers from Iran, Russia and China have been leveraging tools developed by Microsoft-backed OpenAI to enhance their cyber espionage capabilities.
It followed revelations in November that Microsoft’s Threat Analysis Center (MTAC) had issued a warning that Iran, Russia and China are likely planning to influence the upcoming elections in the United States and other countries later this year.
Moreover, police in the UK announced in January that they had launched a new unit to deal with threats posed by Tehran, Moscow and Beijing ahead of the UK’s general election. “We will be the most overt part of the UK security community stepping up its response to those hostile state actions,” said Assistant Commissioner Matt Jukes, the UK’s head of counter-terrorism policing.
Iran-backed hackers have particularly stepped up their activities following the Israel-Hamas conflict. According to American cybersecurity company CrowdStrike, in the second half of 2023, “Iran-nexus adversaries and Middle East hacktivist adversaries were also observed pivoting cyber operations in alignment with kinetic operations stemming from the 2023 Israel-Hamas conflict.”
In December 2023, Iran-linked hackers targeted a water facility in the rural area of County Mayo in Ireland, leaving the residents without water for two days. The attack was carried out by pro-Iran Cyber Av3ngers group which claimed that the facility was attacked because it used an Israeli-made piece of equipment.