Of the four new advanced persistent threat (APT) groups christened by FireEye last year, three were out of Iran. Mandiant, the incident response services arm of FireEye, witnessed a major increase in nation-state hacking activity by Iranian attackers in 2017, especially in cyber espionage. Iranian groups are now keeping a foothold in victim organizations for months and sometimes years, demonstrating their sophistication, according to Mandiant's newly published M-Trends report on its incident investigations in 2017.
"In a way, it felt like Iran was the new China," notes Charles Carmakal, a vice president at Mandiant. "There were so many Chinese threat actors in operations [in previous years], it felt like everyone had at least one Chinese actor" attacking them, he says.