{"id":440,"date":"2019-09-18T17:36:11","date_gmt":"2019-09-18T15:36:11","guid":{"rendered":"https:\/\/lab52.es\/blog\/?p=440"},"modified":"2019-09-26T14:02:35","modified_gmt":"2019-09-26T12:02:35","slug":"geopolitical-strategy-of-iran-and-the-cyberattacks-of-apt33","status":"publish","type":"post","link":"https:\/\/lab52.io\/blog\/geopolitical-strategy-of-iran-and-the-cyberattacks-of-apt33\/","title":{"rendered":"Geopolitical strategy of Iran and the cyberattacks of APT33"},"content":{"rendered":"\n

Executive summary<\/strong><\/p>\n\n\n\n

The\nfollowing report shows an analysis of several hybrid strategies that\npresumably Iran usually carries out against its national and\ninternational enemies. Currently, it is important to analyze how the\nIranian Defense structures are composed to develop and execute from\nthe State the cyberattacks and hybrid operations. \n<\/p>\n\n\n\n

Moreover,\nin the report there is a descriptive analysis of an APT group\nsupposedly related to Iran, APT33. The campaign showed in the report\nbegan in 2016 within the main goal to cyberattack organizations\nlocated in the USA, allied countries and Middle East. APT33 targets\nimportant governmental organizations and energetic organizations\namong others. Also, this report shows the \u201ctools set\u201d used by\nAPT33, identifying the exploited vulnerability and providing the\nindicators of compromise (IOC) used in several campaigns to keep IT\nsystems secure.<\/p>\n\n\n\n

Introduction<\/strong><\/p>\n\n\n\n

The\ndiplomatic and trading relationships between the United States and\nIran in the last year has had an important rise of tension. The most\nrelevant topics for both actors are the energetic resources in the\nMiddle East and the development of the religious conflict between\nShias and Sunni Muslim communities. These events have provoked an\nimportant rise of hostile policies and operations in several lines:\neconomic sanctions, increase of the espionage operations and an\nincrease of cyberattacks against critical infrastructures. \n<\/p>\n\n\n\n

There\nare several APT groups that keep a presumable relation with the\nMinistry of Intelligence in the Iranian government. APT33 has been\ninvestigated by several cybersecurity companies that have attributed\nthe responsibility of cyberattacks to organizations from energetic,\ngovernmental, research\/development and chemical fields\n([1]).<\/p>\n\n\n\n

Iran\nhas increased its military development and hybrid capabilities as the\ncyber offensive structures to compromise energetic critical\ninfrastructures. \n<\/p>\n\n\n\n

Strategic hybrid defense plan for the islamic republic of Iran: <\/strong><\/p>\n\n\n\n

The\ndiplomatic relationships between the Republic of Iran and the main\npotential States of the Occident have been damaged to the point that\nIran has become one of the most relevant geopolitical threats of the\nUnited States. Since the Islamic revolution in 1979, the degree of\nunrest of both States has been rising, triggering several hybrid and\ndissuasive operations.<\/p>\n\n\n\n

Recently,\nin 2019, the diplomatic relationships are much damaged since the last\ncommercial sanctions imposed by the United States against Iran. The\nTreasury Department of the United States has sanctioned 25 public\nIranian organizations and 17 organizations linked to the defense\nsector and research in the Institute of Nuclear weapons of Iran\n([12]).\n Moreover, the incident in the Strait of Hormuz on 13th<\/sup>\nJune 2019 increased the tension between the two countries. Two oil\ntankers from the Japanese organization Kokuka Courageous and the\nNorwegian Front Altair suffered an attack with an unclear attribution\n([14]).\nThe US government denounced the Islamic Revolutionary Guard Corps\n(IRGC) with a video where they appear removing a mine from one of the\ntankers ([15]).\nThis accusation from the US government was rejected by the government\nof Iran. \n<\/p>\n\n\n\n

\"\"<\/figure><\/div>\n\n\n\n

Illustration\n1 Incident location in the Strait of Hormuz<\/em><\/p>\n\n\n\n

Since\nMay 2019, the following maritime incidents have occurred in this\nregion ([20]):<\/p>\n\n\n\n
\n\t\t\t\n\t\t\t\t\nSix\n\t\t\t\tattacks against commercial vessels.\n\t\t\t\n\t\t<\/td><\/tr>
\n\t\t\t\n\t\t\t\t\nShoot-down\n\t\t\t\tof U.S. Navy remotely piloted aircraft over international waters\n\t\t\t\n\t\t<\/td><\/tr>
\n\t\t\t\n\t\t\t\t\nAttempted\n\t\t\t\tat-sea interdiction of Isle of Man-flagged M\/V British Heritage\n\t\t\t\t(oil tanker)\n\t\t\t\n\t\t<\/td><\/tr>
\n\t\t\t\n\t\t\t\t\nSeizure\n\t\t\t\tof ex-Panama-flagged M\/V Riah (oil tanker)\n\t\t\t\n\t\t<\/td><\/tr>
\n\t\t\t\n\t\t\t\t\nSeizure\n\t\t\t\tof U.K.-flagged M\/V Stena Impero (oil\/chemical tanker)\n\t\t\t\n\t\t<\/td><\/tr>
\n\t\t\t\n\t\t\t\t\nDetention\n\t\t\t\tand subsequent release of Liberian-flagged M\/V Mesdar (oil\n\t\t\t\ttanker)\n\t\t\t\n\t\t<\/td><\/tr><\/tbody><\/table>\n\n\n\n

All\nthe recent incidents have been located on one of the most relevant\nmaritime routes and to the oil field. This rise of tension would\nincrease more attacks, military movements and hybrid operations with\ncyberattacks to governments and organizations in the energetic sector\n([18]).\n \n<\/p>\n\n\n\n

On\nthe other hand, there are psychosocial factors that would increase\nthe tension between both powerful States. In terms of sociocultural\nelements, the main differences that cause important difficulties\nreaching diplomatic agreements between these powerful countries are\n([4]):<\/p>\n\n\n\n

The\nUnited States is legally a secular State. However, the American\nsociety has strong religious values and the public scenario is quite\nfull of religious signs and symbols. Conversely, Iran is a theocratic\nRepublic based on Islam. Currently, both governments keep\nantagonistic State structures, these circumstances would hinder the\nunderstanding between both countries. ([4]).\n \n<\/p>\n\n\n\n

Islam\nis the most important religion in Iran, around 80% of the Iranian\npopulation belong to the Shia confession ([6]).\nIn the Shia branch the symbol of the martyr is highly relevant. This\nreligious fact is important to understand the culture of Iran. This\nsociety has strong values that could clash with the Western values\nfrom the United Sates. \n<\/p>\n\n\n\n

In\ngeneral terms the hybrid defense of Iran is composed of the following\ncharacteristics ([4]):\n\n<\/p>\n\n\n\n

Status\nand Influence<\/strong>:\nIran has obtained the role of international representative of the\n\u201cummha\u201d, the global Muslim community. This status allows Iran to\ndevelop an international influence over the Shia Muslim countries.\nIran tries to defend its interests against the United States and its\nmain partners in the Middle East: Israel and Saudi Arabia. \n<\/p>\n\n\n\n

Development\nof softpower strategies: <\/strong>In\nterms of softpower, Iran has begun several defensive strategies\nthrough its media resources. The Iranian government promotes and\nspreads messages via public and private channels defending Middle\nEastern interests in favor of the Shia international community.\nSeveral countries could get bipolarized by this softpower strategies\nas Syria, Iraq, Lebanon and Yemen ([12]).\nOnce the society is fragmented, the Iranian government could promote\nthe campaigns of existing Shiite parties.<\/p>\n\n\n\n

Deterrence\nand defense:<\/strong>\nThe main general interests that Iran tries to defend through a\ndeterrence strategy are: direct attacks on the Nation-State, foreign\nintrusion into the oil trade, defense of the current regime and\nterritorial integrity of the country.<\/p>\n\n\n\n

Currently,\nIran uses the possibility of blocking the Strait of Hormuz ([7])\nas a deterrent measure against the hostile policies of the US and its\nallies. This action could provoke serious damages to the world energy\neconomy, since 30% of world oil production passes daily along this\nroute that links the Persian Gulf with the Indian Ocean. It is\nimportant to note that all petroleum products from the Gulf countries\nconverge on the strait, including exports of crude oil and liquefied\nnatural gas from Iran, Iraq, Kuwait, Bahrain, Qatar, Saudi Arabia and\nthe United Arab Emirates ([4]).<\/p>\n\n\n\n

Another\nimportant deterrent measure developed by the government of Iran has\nbeen the promoting strategy of the \u201cproxy and unconventional\nmilitary forces\u201d. Hezbollah is a terrorist group supposedly\npromoted and funded by the government of Iran. This terrorist group\nwas born in Lebanon in 1982 as a political party. It began its\nterrorist activity against Israel during the war of Israel against\nLebanon in the current “blue line” ([8]).<\/p>\n\n\n\n

Through\nthe promotion of Hezbollah, Iran has developed a proxy to carry out\nparamilitary actions in non-Iranian states. Through these resources,\nIran tries to defend Shiite interests within the Middle East.\nRecently, they have extended their recruitment and financing\nactivities to South America, specifically in Brazil, Paraguay,\nArgentina and Venezuela. Hezbollah’s activity in these regions is\nlinked to drug trafficking looking for funding the terrorist group\n([9]).<\/p>\n\n\n\n

The\ndevelopment of cyber defense structures in Iran has been one of the\nmost important priorities. The high activity and sophistication in\ntheir cyberattack operations made Iran one of the States with\nimportant relevance in cyber espionage ([4]).\nIt is also important to mention that the cyberattacks that have been\ncarried out by APTs supposedly related to the government of Iran\ntarget critical infrastructure from the energy sector.<\/p>\n\n\n\n

Furthermore,\nthe current US government has declared that Iran includes in its\nstrategic defense plan cyber-attacks on the critical infrastructure\nof the United States and those countries allied with it. These\ncyberattacks would be a “DoS attack” ([11])\n([12]).<\/p>\n\n\n\n

Increase of the hybrid and cyber capabilities of Iran<\/strong><\/p>\n\n\n\n

Iran\nbegan its development of hybrid capabilities and asymmetric warfare\nbetween 2009 – 2010 after suffering the Stuxnet cyber-attack, which\nwas presumably attributed to Israel and the United States ([2]).\nThen, after two years, there were several cyberattacks towards\nimportant entities linked to the United States, as in the case of the\nAmerican Bank. The following chart shows the most relevant\ncyberattacks attributed to APT with presumably connections to the\nIranian Ministry of Intelligence Service (MOIS) ([2])\n([11]):<\/p>\n\n\n\n

Chronology of high relevance cyber attacks with pressumably attribution to Iran<\/strong><\/p>\n\n\n\n
\n\t\t\tActor<\/strong>\n\t\t<\/td>\n\t\t\tDuration<\/strong>\n\t\t<\/td>\n\t\t\tGoals<\/strong>\n\t\t<\/td><\/tr>
\n\t\t\tSocial Media\n\t\t<\/td>\n\t\t\t2011 \u2013 2017\n\t\t<\/td>\n\t\t\tCyber\n\t\t\toperation that was carried out through fake accounts and \u201cbots\u201d\n\t\t\tin social networks to generate misinformation in the US society.\n\t\t<\/td><\/tr>
\n\t\t\tCleaver\n\t\t<\/td>\n\t\t\t2012 \u2013 2014\n\t\t<\/td>\n\t\t\tOperation\n\t\t\tfor industrial and government espionage purposes.\n\t\t<\/td><\/tr>
\n\t\t\tAbabil\n\t\t<\/td>\n\t\t\tDec.\n\t\t\t2011 \u2013 May 2013\n\t\t<\/td>\n\t\t\tDoS\n\t\t\tcyber-attacks on companies in the financial sector belonging to\n\t\t\tthe US.\n\t\t<\/td><\/tr>
\n\t\t\tShamoon\n\t\t<\/td>\n\t\t\tAugust\n\t\t\tof 2012\n\t\t<\/td>\n\t\t\tThe\n\t\t\tSaudi energy company Aramco was the victim of a destructive\n\t\t\tmalware wiper attack.\n\t\t<\/td><\/tr>
\n\t\t\tBowman\n\t\t<\/td>\n\t\t\tAugust\n\t\t\t\u2013 Sep. 2013\n\t\t<\/td>\n\t\t\tThe\n\t\t\tBowman’s energetic company in NY was compromised.\n\t\t<\/td><\/tr>
\n\t\t\tSaffron Rose\n\t\t<\/td>\n\t\t\t2013 \u2013 2014\n\t\t<\/td>\n\t\t\tThis\n\t\t\tcampaign targeted the IT systems of the US defense industry and\n\t\t\tthe Iranian regime’s dissidents located abroad.\n\t\t<\/td><\/tr>
\n\t\t\tSands Coorp.\n\t\t<\/td>\n\t\t\t2014\n\t\t<\/td>\n\t\t\tCyberattack\n\t\t\tagainst Las Vegas Sands Corporation.\n\t\t<\/td><\/tr>
\n\t\t\tThamar\n\t\t\tReservoir\n\t\t<\/td>\n\t\t\tFebruary\n\t\t\t2014\n\t\t<\/td>\n\t\t\tCyber\n\t\t\t\u200b\u200bespionage operation aimed to the research centers,\n\t\t\tjournalists and Middle Eastern activists.\n\t\t<\/td><\/tr>
\n\t\t\tAPT OilRig\n\t\t<\/td>\n\t\t\t2017 \u2013 2018\n\t\t<\/td>\n\t\t\tExfiltration\n\t\t\tof confidential information from companies of the energetic and\n\t\t\tgovernmental fields.\n\t\t<\/td><\/tr>
\n\t\t\tShamoon 2\n\t\t<\/td>\n\t\t\tNov.\n\t\t\t2016 January 2017\n\t\t<\/td>\n\t\t\tCyber\n\t\t\t\u200b\u200bespionage operation that targeted several Saudi Ministries.\n\t\t<\/td><\/tr>
\n\t\t\tHBO\n\t\t<\/td>\n\t\t\tMay\n\t\t\t2017\n\t\t<\/td>\n\t\t\tCyber\n\t\t\t\u200b\u200bespionage operation with the aim of stealing confidential\n\t\t\tinformation from HBO.\n\t\t<\/td><\/tr>
\n\t\t\tLeafminer\n\t\t<\/td>\n\t\t\t2017\n\t\t\t– 2018\n\t\t<\/td>\n\t\t\tThreat\n\t\t\tgroup that targeted governments and important organizations\n\t\t\tlocated in the Middle East.\n\t\t<\/td><\/tr>
\n\t\t\tAPT\n\t\t\t33\n\t\t<\/td>\n\t\t\t2016\n\t\t\t– 2019\n\t\t<\/td>\n\t\t\tCyber\n\t\t\t\u200b\u200bespionage campaign focused on organizations from the\n\t\t\taerospace, energy and chemical fields.\n\t\t<\/td><\/tr><\/tbody><\/table>\n\n\n\n

The\nchart below shows Iran\u2019s governmental structure that is supposedly\nresponsible for the malicious cyber-attack campaigns through their\nAPT groups ([3]):<\/p>\n\n\n\n

Governmental structures of Iran presumably related to cyberattacks<\/strong><\/p>\n\n\n\n
\n\t\t\tSupreme\n\t\t\tNational Council of Cyberspace<\/strong>\n\t\t<\/td>\n\t\t\tIt\n\t\t\tis in charge of lawmaking, approving and implementing the laws\n\t\t\trelated to the cyber sector. It is led by the President of the\n\t\t\tRepublic and the Council of Ministers.\n\t\t<\/td><\/tr>
\n\t\t\tNational\n\t\t\tCyberspace Council<\/strong>\n\t\t<\/td>\n\t\t\tIt\n\t\t\tis the body that is responsible for defending the Islamic Republic\n\t\t\tagainst cyberattacks that may affect the State of the Nation.\n\t\t<\/td><\/tr>
\n\t\t\tIslamic\n\t\t\tRevolutionary Guard Corps (IRGC)<\/strong>\n\t\t<\/td>\n\t\t\tRepresents\n\t\t\tthe public body that allegedly manages the APT groups associated\n\t\t\twith the current government of Iran.\n\t\t\t
\n\n\t\t\t\n\t\t\t–\n\t\t\tIRG Electronic warfare and cyberdefence organization: is\n\t\t\tresponsible for the management of training courses for internal\n\t\t\tstaff and the censorship of online public content.\n\t\t\t
\n\n\t\t\t\n\t\t\t–\n\t\t\tBasij Cyber \u200b\u200bCouncil: Represents the body that focuses on\n\t\t\toperations to compromise the enemy regimes.\n\t\t\t
\n\n\t\t\t\n\t\t\t–\n\t\t\tCenter for the investigation of organized crime: Center focused on\n\t\t\tthe identification of targets against the Iranian government.\n\t\t\tFinally they carry out cyberattacks towards the mentioned targets.\n\t\t<\/td><\/tr>
\n\t\t\tArmed\n\t\t\tForces General Staff<\/strong>\n\t\t<\/td>\n\t\t\tIt\n\t\t\tis the body in charge of coordinating policies and operations\n\t\t\tbetween the IRGC and the regular army.\n\t\t\t–\n\t\t\tCyber \u200b\u200bHeadquarters: Coordinate and execute defensive cyber\n\t\t\toperations to neutralize the main cyber threats of the Islamic\n\t\t\tRepublic.\n\t\t<\/td><\/tr>
\n\t\t\tMinistry\n\t\t\tof Intelligence and Security <\/strong>\n\t\t\t\n\t\t<\/td>\n\t\t\tResponsible\n\t\t\tfor Signal Intelligence\n\t\t\t\n\t\t\t\n\t\t<\/td><\/tr>
\n\t\t\tMinistry\n\t\t\tof Interior<\/strong>\n\t\t<\/td>\n\t\t\tMinistry\n\t\t\tin charge of managing the State Security Forces.\n\t\t\t\n\t\t\t\n\t\t<\/td><\/tr>
\n\t\t\tIran\n\t\t\tCyber \u200b\u200bPolice<\/strong>\n\t\t<\/td>\n\t\t\tOrganization\n\t\t\tresponsible for controlling illegal cyber activities and movements\n\t\t\tof dissidents.\n\t\t\t\n\t\t\t\n\t\t<\/td><\/tr><\/tbody><\/table>\n\n\n\n

APT 33 and the energy sector<\/strong><\/p>\n\n\n\n

APT\n33, also known as Elfin Group has kept a notable activity during the\nlast three years. Its target is generalist although a large part of\nthe victims are usually located in Saudi Arabia or in the US. This\nAPT group is presumably attributed to the government of Iran. From\n2016 until 2019 more than 50 organizations have been engaged in the\nfollowing countries ([10]):<\/p>\n\n\n\n

\"\"<\/figure><\/div>\n\n\n\n

As\naforementioned, the main geopolitical global enemy of Iran is the US\nand its main regional enemy in the Middle East is Saudi Arabia. The\ngraph shows that the results perfectly correlate with the\ngeopolitical targets of the same state actors mentioned.<\/p>\n\n\n\n

APT\n33 focuses its cyberattacks on organizations of the sectors:\ngovernment, energy, R&D, chemical, finance, health and IT.\nActivity of APT 33 from 2016 to 2019 ([10]):<\/p>\n\n\n\n

\"\"<\/figure><\/div>\n\n\n\n

During\nFebruary 2019, APT 33 exploited the CVE-2018-20250 vulnerability in\nWinRAR. The malicious document received, by spear phishing, kept the\nname “JobDetails.rar” ([10]).<\/p>\n\n\n\n

The\nfollowing part shows the toolset pack used by APT 33:<\/p>\n\n\n\n

Notesuk\n(Backdoor.Notestuk): Malware that accesses the backdoor of the\ncompromised system and collects information.<\/p>\n\n\n\n

Stonedrill\n(Trojan.Stonedrill): Malware that contains the functionality to\ncollect documents and destroy any component of the “master boot\nrecord”.<\/p>\n\n\n\n

Autolt\nbackdoor: Through a script with Autolt language, a custom backdoor is\ncreated for the system that has been compromised.<\/p>\n\n\n\n

Remcos\n(Backdoor.Patpoopy): It is a RAT that allows you to steal information\nfrom the system that has been infected.<\/p>\n\n\n\n

DarkComet\n(Backdor.Breut): RAT that allows you to open the backdoor of an\ninfected system.<\/p>\n\n\n\n

Quasar\nRAT (Trojan.Quasar): This RAT can be used to carry out credential\ntheft.<\/p>\n\n\n\n

Pupy\nRAT (Backdoor.Patpoopy): RAT that allows you to open the backdoor and\ninfect the system.<\/p>\n\n\n\n

NanoCore\n(Trojan.Nancrat): RAT used to steal credentials through a backdoor.<\/p>\n\n\n\n

Netweird\n(Trojan.Netweird.B): Trojan that is able to open the backdoor and\nsteal information from compromised systems. You can also download\nmalicious files.<\/p>\n\n\n\n

LaZagne\n(SecuriyRisk.LaZagne): Tool to retrieve credentials.<\/p>\n\n\n\n

Mimikatz\n(Hacktool.Mimikatz): Tool to steal credentials.<\/p>\n\n\n\n

Gppassword:\nTool to obtain the described passwords of the compromised system.<\/p>\n\n\n\n

Sniffpass\n(SniffPass): Tool to steal the passwords used in the compromised\nsystem and to obtain the network traffic.<\/p>\n\n\n\n

It\nshould be mentioned that several cybersecurity companies have linked\nAPT 33 with the Shamoon group and the Stonedrill malware, a \u201ctoolset\u201d\nused by the two groups to cyberattack organizations from the\nenergetic sector in Saudi Arabia ([13]).<\/p>\n\n\n\n

Conclusions:<\/strong><\/p>\n\n\n\n

Iran\nis presumably developing hybrid and softpower strategies to influence\nthe social imbalance of the countries of the Middle East in order to\nestablish a political influence. Currently, Iran uses geostrategic\ntechniques such as the blockade of the Strait of Hormuz, hybrids such\nas the terrorist activity of Hezbollah and cyberattacks and softpower\nsuch as misinformation for the social imbalance of a State.<\/p>\n\n\n\n

Alleged\nstate structures that are allegedly responsible for cyberattacks\nagainst countries and individuals opposed to the regime have been\ndetected. These state structures are supposedly linked to APT\nspecialized in cyberattacking energy organizations. For the last\nthree years APT 33 has maintained a remarkable activity against\norganizations in the energetic sector. One of the most used\nvulnerabilities by this APT group has been CVE-2018-20250 in WinRAR.<\/p>\n\n\n\n

The\nWINRAR update is recommended in order to prevent any possible\nexploitation of the vulnerability and IOC processing provided in the\nLab52 platform.<\/p>\n\n\n\n

References:<\/strong><\/p>\n\n\n\n

[1]\nBlack\nHat Ethical Hacking. (2019, 28 marzo). Elfin: Relentless Espionage\nGroup Targets Multiple Organizations in Saudi Arabia and U.S.\nhttps:\/\/www.blackhatethicalhacking.com\/elfin-target-multiple-organazations-us-saudi-arabia<\/a>\n \n<\/p>\n\n\n\n

[2]\nFOUNDATION FOR DEFENSE OF DEMOCRACIES. (2018). Evolving Menace Iran\u2019s\nUse of Cyber-Enabled Economic Warfare.\nhttps:\/\/www.fdd.org\/wpcontent\/uploads\/2018\/11\/REPORT_IranCEEW.pdf<\/a><\/p>\n\n\n\n

[3]\nFederal\nResearch Division of the Congress of the USA. (s.f.). Iran’s Ministry\nof Intelligence and Security: a profile. Recuperado\nde https:\/\/fas.org\/irp\/world\/iran\/mois-loc.pdf<\/a>\n\n<\/p>\n\n\n\n

[4]\nMiddle\nEast Studies at the Marine Corps University. (2015). The Strategic\nCulture of the Islamic Republic of Iran Religion, Expediency, and\nSoft Power in an Era of Disruptive Change. Recuperado\nde\nhttps:\/\/www.washingtoninstitute.org\/uploads\/Documents\/pubs\/MESM_7_Eisenstadt.pdf<\/p>\n\n\n\n

[5]\nEsteban Torres. (2013). La ley general del poder. Recuperado de\nhttps:\/\/estudiossociologicos.colmex.mx\/index.php\/es\/article\/view\/105\/105<\/a>\n \n<\/p>\n\n\n\n

[6]\nRussia Today. (2015). Sunitas y chiitas: \u00bfQu\u00e9 es lo que los separa?\nRecuperado de\nhttps:\/\/actualidad.rt.com\/actualidad\/167320-sunitas-chiies-diferencias-conflicto<\/a><\/p>\n\n\n\n

[7]\nBBC. (2019). Ormuz, el estrecho clave que enfrenta a EE.UU. e Ir\u00e1n\npor el que se transporta la tercera parte del petr\u00f3leo del mundo.\nRecuperado de\nhttps:\/\/www.bbc.com\/mundo\/noticias-internacional-44947623<\/a>\n\n<\/p>\n\n\n\n

[8]\nInfobae. (s.f.). Seis claves para comprender qu\u00e9 es Hezbollah.\nRecuperado de\nhttps:\/\/www.infobae.com\/2013\/07\/22\/1072760-seis-claves-comprender-que-es-hezbollah\/<\/a>\n\n<\/p>\n\n\n\n

[9]\nThe\nHill. (2018). Washington\u2019s silent war against Hezbollah in Latin\nAmerica. Recuperado\nde\nhttps:\/\/thehill.com\/opinion\/international\/409820-washingtons-silent-war-against-hezbollah-in-latin-america<\/a><\/p>\n\n\n\n

[10]\nSymantec.\n(2019). Elfin: Relentless Espionage Group Targets Multiple\nOrganizations in Saudi Arabia and U.S. Recuperado\nde\nhttps:\/\/www.symantec.com\/blogs\/threat-intelligence\/elfin-apt33-espionage<\/a><\/p>\n\n\n\n

[11]\nF-Secure.\n(2018). The State of a Station A report on attackers in the energy\nindustry. Recuperado\nde\nhttps:\/\/s3-eu-central-1.amazonaws.com\/evermade-fsecure-assets\/wp-content\/uploads\/2019\/04\/15105531\/F-Secure_energy_report.pdf<\/a>\n \n<\/p>\n\n\n\n

[12]\nWorld\nAware. (2019). Rising Tensions between US and Iran US Designates IRGC\nas Foreign Terrorist Organization. Recuperado\nde\nhttps:\/\/www.worldaware.com\/resources\/blog\/rising-tensions-between-us-and-iran<\/a>\n \n<\/p>\n\n\n\n

[13]\nThe\nNational CSIRT-CY. (2019). Iran Based Elfin Group (APT33) Continues\nto Attack Firms. Recuperado\nde\nhttps:\/\/csirt.cy\/iran-based-elfin-group-apt33-continues-to-attack-firms\/<\/a>\n \n<\/p>\n\n\n\n

[14]\nCNBC. Why Iran\u2019s forc\u00e9 would blow up foreign tankers near Strait\nof Hormuz.\nhttps:\/\/www.cnbc.com\/2019\/06\/20\/why-irans-forces-would-blow-up-foreign-tankers-near-strait-of-hormuz.html<\/a><\/p>\n\n\n\n

[15]\nCNBC. US Military releases new images of Japanese oil tanker.\nhttps:\/\/www.cnbc.com\/2019\/06\/17\/us-military-releases-new-images-of-japanese-oil-tanker-attack.html<\/a><\/p>\n\n\n\n

[16]\nBBC. World Middle East.\nhttps:\/\/www.bbc.com\/news\/world-middle-east-48700965<\/a><\/p>\n\n\n\n

[17]\nJPOST. Middle East. Trump approved military action against Iran and\nchanged his mind. \nhttps:\/\/www.jpost.com\/Middle-East\/Trump-approved-military-action-against-Iran-And-changed-his-mind-593223<\/a><\/p>\n\n\n\n

[18]\nNY Times. Oil tankers attacks Strait Hormuz.\nhttps:\/\/www.nytimes.com\/2019\/06\/13\/business\/oil-tanker-attacks-strait-hormuz.html<\/a><\/p>\n\n\n\n

[19]\nAljazeera. Oil prices surge Iran shoots drone\nhttps:\/\/www.aljazeera.com\/ajimpact\/oil-prices-surge-iran-shoots-drone-190620085950312.html<\/a><\/p>\n\n\n\n

[20]\nhttps:\/\/www.gpsworld.com\/iran-jams-gps-on-ships-in-strait-of-hormuz\/<\/a><\/p>\n\n\n\n

ANEX:<\/strong><\/p>\n\n\n\n

Image\n1. Supposal location of the headquarters of the Ministry of\nIntelligence and Security of Iran<\/p>\n\n\n\n

\"\"<\/figure><\/div>\n\n\n\n

Source:\nFederal Research Division of the United States of America ([3]).<\/p>\n\n\n\n

Image\n2. Satellite photo of the headquarters of the Ministry of\nIntelligence and Security of Iran<\/p>\n\n\n\n

\"\"<\/figure><\/div>\n\n\n\n

Source:\nFederal Research Division of the United States of America ([3]).<\/p>\n\n\n\n

Image\n3. Presumably Delegation of the Ministry of Intelligence and Security\nof Iran.<\/p>\n\n\n\n

\"\"<\/figure><\/div>\n\n\n\n

Source:\nFederal Research Division of the United States of America ([3]).<\/p>\n","protected":false},"excerpt":{"rendered":"

Executive summary The following report shows an analysis of several hybrid strategies that presumably Iran usually carries out against its national and international enemies. Currently, it is important to analyze how the Iranian Defense structures are composed to develop and execute from the State the cyberattacks and hybrid operations. Moreover, in the report there is […]<\/p>\n","protected":false},"author":6,"featured_media":441,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[1],"tags":[],"class_list":{"0":"post-440","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-uncategorised","8":"entry"},"featured_image_src":"https:\/\/lab52.io\/blog\/wp-content\/uploads\/2019\/09\/image1-365x400.png","featured_image_src_square":"https:\/\/lab52.io\/blog\/wp-content\/uploads\/2019\/09\/image1-365x600.png","author_info":{"display_name":"Dex","author_link":"https:\/\/lab52.io\/blog\/author\/dex\/"},"_links":{"self":[{"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/posts\/440"}],"collection":[{"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/comments?post=440"}],"version-history":[{"count":7,"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/posts\/440\/revisions"}],"predecessor-version":[{"id":492,"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/posts\/440\/revisions\/492"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/media\/441"}],"wp:attachment":[{"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/media?parent=440"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/categories?post=440"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/tags?post=440"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}