We believe we’re seeing an evolution and development in Iranian-based cyber activity. In years past,
Iranian actors primarily committed politically-motivated website defacement and DDoS attacks.More
recently, however, suspected Iranian actors have destroyed data on thousands of computers with the
Shamoon virus,and they have penetrated the Navy Marine Corps Intranet (NMCI), which is used by the
U.S. Navy worldwide.3
In this report, we document the activities of the Ajax Security Team, a hacking group believed to be
operating from Iran. Members of this group have accounts on popular Iranian hacker forums such as
ashiyane[.]org and shabgard[.]org, and they have engaged in website defacements under the
group name “AjaxTM” since 2010. By 2014, the Ajax Security Team had transitioned from performing
defacements (their last defacement was in December 2013) to malware-based espionage, using a
methodology consistent with other advanced persistent threat actors in this region.
more here..........http://www.fireeye.com/resources/pdfs/fireeye-operation-saffron-rose.pdf
Iranian actors primarily committed politically-motivated website defacement and DDoS attacks.More
recently, however, suspected Iranian actors have destroyed data on thousands of computers with the
Shamoon virus,and they have penetrated the Navy Marine Corps Intranet (NMCI), which is used by the
U.S. Navy worldwide.3
In this report, we document the activities of the Ajax Security Team, a hacking group believed to be
operating from Iran. Members of this group have accounts on popular Iranian hacker forums such as
ashiyane[.]org and shabgard[.]org, and they have engaged in website defacements under the
group name “AjaxTM” since 2010. By 2014, the Ajax Security Team had transitioned from performing
defacements (their last defacement was in December 2013) to malware-based espionage, using a
methodology consistent with other advanced persistent threat actors in this region.
more here..........http://www.fireeye.com/resources/pdfs/fireeye-operation-saffron-rose.pdf