Security researchers with FireEye are tracking a cyber-espionage group operating from Iran. The group, which is dubbed APT39 and has been operating since at least November 2014, primarily focuses on telcos and organizations in the travel industry, with a regional prioritization of the Middle East, although the U.S. and South Korea are also targeted.
The hackers avoid carrying out disruptive attacks. Instead they monitor the operations of targeted organizations and associated individuals, steal data, and create entry points such as backdoors to make sure they can access systems in future campaigns.
Read more: Iran-Linked Hackers Use Array of Tools to Steal Data: FireEye