Iranian hackers began their latest wave of attacks in Persian Gulf states last year. Since then, they have expanded to 80 targets — including internet service providers, telecommunications companies and government agencies — in 12 European countries and the United States, according to researchers at FireEye, which first reported the attacks last month.
The current hacks are harder to catch than previous Iranian attacks. Instead of hitting victims directly, FireEye researchers said, Iranian hackers have been going after the internet’s core routing system, intercepting traffic between so-called domain name registrars. Once they intercepted their target’s customer web traffic, they used stolen login credentials to gain access to their victims’ emails. (Domain name registrars hold the keys to hundreds, perhaps thousands, of companies’ websites.)
“They’re taking whole mailboxes of data,” said Benjamin Read, a senior manager of cyberespionage analysis at FireEye. Mr. Read said Iranian hackers had targeted police forces, intelligence agencies and foreign ministries, indicating a classic, state-backed espionage campaign rather than a criminal, profit-seeking motive.
There is a long history of Iranian attacks against the United States, and episodes from five years back or longer are just now being made public.
On Wednesday, the Justice Department announced an indictment against a former Air Force intelligence specialist, Monica Witt, on charges of helping Iran with an online espionage campaign. Four members of Iran’s Islamic Revolutionary Guard Corps were also charged with “computer intrusions and aggravated identity theft” directed at members of the United States intelligence community.
Also last week, the Treasury said it was putting sanctions on two Iranian companies, New Horizon Organization and Net Peygard Samavat Company, and several people linked to them. Treasury officials said New Horizon set up annual conferences where Iran could recruit and collect intelligence from foreign attendees.
Ms. Witt attended one of the conferences, the indictment says. Net Peygard used information she provided to begin a campaign in 2014 to track the online activities of United States government and military personnel, Treasury officials said.