Iran-linked Hackers Mapped Ship Ais Data Days Before Real-world...
Threat actors with ties to Iran engaged in cyber warfare as part of efforts to facilitate and enhance physical, real-world attacks, a trend that Amazon has called cyber-enabled kinetic targeting.
The development is a sign that the lines between state-sponsored cyber attacks and kinetic warfare are increasingly blurring, necessitating the need for a new category of warfare, the tech giant's threat intelligence team said in a report shared with The Hacker News.
While traditional cybersecurity frameworks have treated digital and physical threats as separate domains, CJ Moses, CISO of Amazon Integrated Security, said these delineations are artificial and that nation-state threat actors are engaging in cyber reconnaissance activity to enable kinetic targeting.
"These aren't just cyber attacks that happen to cause physical damage; they are coordinated campaigns where digital operations are specifically designed to support physical military objectives," Moses added.
As an example, Amazon said it observed Imperial Kitten (aka Tortoiseshell), a hacking group assessed to be affiliated with Iran's Islamic Revolutionary Guard Corps (IRGC), conducting digital reconnaissance between December 2021 and January 2024, targeting a ship's Automatic Identification System (AIS) platform with the goal of gaining access to critical shipping infrastructure.
Subsequently, the threat actor was identified as attacking additional maritime vessel platforms, in one case even gaining access to CCTV cameras fitted on a maritime vessel that provided real-time visual intelligence.
The attack progressed to a targeted intelligence gathering phase on January 27, 2024, when Imperial Kitten carried out targeted searches for AIS location data for a specific shipping vessel. Merely days later, that same vessel was targeted by an unsuccessful missile strike carried out by Iranian-backed Houthi militants.
The Houthi forces have been attributed to a string of missile attacks targeting commercial shipping in the Red Sea in support of the Palestinian militant group Hamas in its war with Israel. On February 1, 2024, the Houthi movement in Yemen claimed it had struck a U.S. merchant ship named KOI with "several appropriate naval missiles."
"This case demonstrates how cyber operations can provide adversaries with the precise intelligence needed to conduct targeted physical attacks against maritime infrastructure – a critical component of global commerce and military logistics," Moses said.
Anothe
Source: The Hacker News
