Cybersecurity firm FireEye has identified a new group of hackers, known as APT33, and it is being revealed that they have been working on behalf of the Iranian government since 2013.
FireEye also revealled Between the middle of 2016 and early 2017, APT33 targeted a U.S. organization in the aerospace sector and a Saudi Arabian company with aviation links, as well as a South Korean oil and chemicals firm.
Fireeye said APT33 typically sends employees phishing emails that often appear to be credible, asking them to click links to job vacancies in their field.
Nick Carr, a senior Mandiant investigator, said the group used servers based in Iran and its malware contained Farsi language. He warned that even if users did not click on the links, APT33 had other tools they could use to break into systems.