This is one VPN you won't want to download

VPN
(Image credit: Shutterstock)

Security researchers have discovered that an Iranian state-sponsored hacking group has built and been operating its own private VPN which it uses for hacking, reconnaissance and even everyday web browsing.

According to new research from Trend Micro, the group, codenamed APT33, is one of Iran's most sophisticated hacking units. APT33 is widely believed to be behind the Shamoon wiper malware, which in 2012 destroyed the data on more than 35,000 workstations at the Saudi oil company Saudi Aramco.

The group recently resurfaced and launched a series of new attacks targeting the oil and aviation industries. So far in 2019, APT33 has infected an American company that provides national security services, a university and a college in the US, a victim associated with the US military and several other victims in the Middle East and Asia.

While investigating the group's latest attacks, Trend Micro also gained a great deal of insight into how APT33 manages its hacking infrastructure.


Trend Micro's researchers found that APT33 puts four layers between its operators and their targets to help the group avoid detection.

The first is a custom-built network of VPN nodes that hides the IP addresses and locations of the operators. Behind it sits a bot controller layer made up of intermediary servers, then a C&C backend layer of servers that manage the group's malware botnets, and finally a layer of proxy servers that the C&C servers use to hide from the infected hosts, so that a victim machine only ever talks to a proxy and never sees the real backend.

The biggest revelation, though, is that APT33 had set up and was operating its own private VPN network rather than using commercial VPN services to hide its location. Counterintuitively, this made the group easier to track. A commercial VPN exit node is shared by thousands of unrelated customers, so a connection coming from it says nothing about who is behind it. APT33's private exit nodes, by contrast, were used almost exclusively by the group, so the researchers only had to watch a handful of IP addresses, and every connection from them could be attributed to APT33 with high confidence.

In a blog post, Trend Micro explained why APT33's private VPN made the group easier to track:

“Setting up a private VPN can be easily done by renting a couple of servers from datacenters around the world and using open source software like OpenVPN. Though the connections from private VPN networks still come from seemingly unrelated IP addresses around the world, this kind of traffic is actually easier to track. Once we know that an exit node is mainly being used by a particular actor, we can have a high degree of confidence about the attribution of the connections that are made from the IP addresses of the exit node.”
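The attribution logic Trend Micro describes is simple enough to show in code. The script below is an added example, not code from Trend Micro or from the original article: it parses a few constructed web-server log lines and labels each connection by whether its source IP is a known VPN exit node, giving high confidence only when the node is private and used by a single actor. The exit-node registry, the actor name "actor-X", the IP addresses (RFC 5737 documentation ranges) and the `distinct_users` field, which stands in for an analyst's observation of how many unrelated parties share a node, are all made up for the example.

```python
import re
from collections import defaultdict

# Constructed registry of VPN exit nodes (hypothetical; RFC 5737 addresses).
# "distinct_users" is how many unrelated parties an analyst has seen behind
# the node: a privately rented exit serves one operator group, while a
# commercial VPN exit serves thousands of paying customers.
EXIT_NODES = {
    "203.0.113.7":   {"kind": "private",    "actor": "actor-X", "distinct_users": 1},
    "203.0.113.9":   {"kind": "private",    "actor": "actor-X", "distinct_users": 1},
    "198.51.100.42": {"kind": "commercial", "actor": None,      "distinct_users": 4000},
}

# Constructed web-server access log lines (Common Log Format).
LOG_LINES = """\
203.0.113.7 - - [10/Nov/2019:08:15:02 +0000] "GET /careers/ HTTP/1.1" 200 5120
198.51.100.42 - - [10/Nov/2019:08:15:09 +0000] "GET /index.html HTTP/1.1" 200 2048
203.0.113.9 - - [10/Nov/2019:08:16:33 +0000] "GET /wp-login.php HTTP/1.1" 200 1200
192.0.2.55 - - [10/Nov/2019:08:17:01 +0000] "GET /about/ HTTP/1.1" 200 3000
203.0.113.7 - - [10/Nov/2019:08:18:44 +0000] "POST /wp-login.php HTTP/1.1" 302 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\d+)$'
)


def parse_log(text):
    """Parse CLF lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def attribute(ip):
    """Map a source IP to (actor, confidence).

    An exit node that only one actor is known to use makes every connection
    from it attributable with high confidence; a shared exit node proves
    nothing about who is behind a given connection.
    """
    node = EXIT_NODES.get(ip)
    if node is None:
        return None, "none"        # not a known VPN exit at all
    if node["kind"] == "private" and node["distinct_users"] == 1:
        return node["actor"], "high"
    return None, "low"             # shared exit: any customer could be behind it


def attribute_events(events):
    """Return {actor: [request, ...]} for events attributed with high confidence."""
    by_actor = defaultdict(list)
    for ev in events:
        actor, confidence = attribute(ev["ip"])
        if confidence == "high":
            by_actor[actor].append(ev["request"])
    return dict(by_actor)


def watchlist(actor):
    """The small set of exit IPs an analyst has to watch to track one actor."""
    return sorted(ip for ip, node in EXIT_NODES.items() if node["actor"] == actor)


if __name__ == "__main__":
    events = parse_log(LOG_LINES)
    for ev in events:
        actor, confidence = attribute(ev["ip"])
        print(f'{ev["ip"]:15} {confidence:5} {actor or "-":8} {ev["request"]}')
    print("watchlist for actor-X:", watchlist("actor-X"))
```

Run directly, the script prints one line per connection with its confidence and actor, then the two-address watchlist. The one caveat a practitioner would add is that the high-confidence rule is only as good as the registry is current: a server rented from a datacenter can be returned to the pool and picked up by an unrelated party, so exit-node entries need an expiry or periodic re-validation before they are used for attribution.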

This isn't the first time a hacking group has built and operated its own VPN. Earlier this year, attackers who used many of the tools and techniques of the Chinese-affiliated threat group APT10 built a VPN inside the networks of mobile carriers they had already compromised, for the sake of moving around those networks more conveniently.

Via ZDNet

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 
