The US is their prime target, security experts warn.
Iranian hackers are stepping up their cyber attacks on US, moving from attacking US companies’ websites to conducting spying activities, a report claims.
An Iranian hacking group known as the Ajax Security Team is the first to make its own malicious software as part of espionage campaigns.
The hackers are using software called "Stealer" that is designed to collect data and record keystrokes on computers, grab screen shots and steal information from web browsers and email accounts.
Ajax is responsible for a chain of attacks on US defense companies, said the report by cybersecurity company FireEye.
Recently, Ajax hackers infected computers of companies by sending emails and social media messages to attendees of the IEEE Aerospace Conference and directed them to a fake website called aeroconf2014.org, which was tainted with malicious software, most likely to be Stealer.
Ajax is also targeting those Iranian nationals who are attempting to bypass the country’s Internet censors to access content such as pornography and political opposition sites.
At Reuters Cybersecurity Summit, Michael Hayden, former director of the CIA and the National Security Agency, said: "I’ve grown to fear a nation state that would never go toe-to-toe with us in conventional combat that now suddenly finds they can arrest our attention with cyberattacks."
Hackers have increased cyber attacks in the wake of the Stuxnet attack which hit Iran’s nuclear facilities in 2010. The virus was believed to be the handiwork of US and Israeli agencies, prompting Iran to ramp up its own cyber programmes.
Earlier, Iran rejected reports by US officials alleging its involvement in attacking several banks in the US, including Bank of America, JPMorgan Chase & Co, Citigroup, Wells Fargo & Co and PNC Financial Services Group.
The hackers employed DDoS attacks, or distributed denial of service attacks, named so as the aim is to deny customers service by directing large volumes of traffic to a site until it collapses. No bank accounts were breached in the attack, though.
The report points out that though Ajax has become more political in its activities, there is no indication yet of a Stuxnet-style attack.
Speaking at the Reuters summit, Leonard Moodiwspaw, CEO of Maryland cybersecurity company, KEYW Holding Corp., said: "They are more interested in IP and taking money than in shutting anybody down."