The US cyber-security company FireEye released a report, stating that a little-know, presumably Iranian, hacker group is spying on companies in aviation and energy sector located in the United States, Saudi Arabia and South Korea.

According to the report, the hacker group called APT33 by the FireEye, is targeting companies in multiple industries – with a focus on aviation – to spy for what appears to be Iranian government interests. It claims that cyber espionage operations target military and commercial aviation companies, with a probable cause to obtain the information on regional military aviation potentials.

For instance, the report states that during the period of the second half of 2016 to the beginning of 2017 the hacker group compromised a company in US aerospace sector and a Saudi Arabian conglomerate.

For their operations, the Iranian hacker group exploits the employees of aviation-sector companies by sending them emails about job listings with embedded malicious links. According to the report, the infected emails appear to be legitimate as they contain not only specific role descriptions with salaries, but also links to the company’s recruitment website and, in some cases, even had the Equal Opportunity hiring statement widely used by US companies.

The topic of cyber-security is highly debatable in aviation sector. Although airlines are hesitant to release the information on their protection levels, multiple incidents of IT malfunctions and crashes indicate that the systems currently in place are vulnerable. It is believed that the IT systems many airlines use have been written decades ago, causing complex problems as the new updates must not only function flawlessly, but also be compatible with the system and all its previous updates.

In May 2017 thousands of passengers flooded Heathrow and Gatwick airports with baggage and customer complaints after British Airways IT system broke down. The incident, together with the cyber-attack on British health care system NHS even caused the country to launch consultations for the plan to punish local companies that provide “essential services” but do not do enough to prevent IT meltdowns and cyber-attacks.