APT33 thought to be targeting industrial control systems.
Microsoft revealed that Iran's APT33 (also known as "Elfin" or "Refined Kitten") has turned its attention to industrial control systems, WIRED reports. At the CyberwarCon event in Arlington, Virginia, on Thursday, Microsoft researchers said APT33 routinely targets tens of thousands of organizations with password-spraying attacks, but over the past two months the group has lowered the number of targets to just two thousand companies. At the same time, it has vastly increased the number of accounts it targets at each of these organizations. Around half of the top twenty-five most targeted organizations were companies that manufacture, supply, or maintain ICS equipment.
The researchers believe this activity suggests preliminary reconnaissance and battlespace preparation. They said the hackers are probably targeting these companies so they can learn how their equipment works, and then launch ICS-focused attacks against the companies' customers. Iran has mounted destructive attacks in the past, but the ICS targeting suggests that, unlike Shamoon, which Iran turned loose on Saudi Aramco networks in 2012, APT33 is now looking to cause physical damage as opposed to wiping data.