A previously unknown hacking group believed to be based in Iran has started cyber attacks inside the U.S., according to Mandiant Corp., a security company that’s linked China’s army to similar activity.
The Iranian group emerged within the last six months and has infiltrated the networks of at least one U.S. corporation, Richard Bejtlich, Mandiant’s chief security officer, said in an interview in Washington today.
“You’re starting to see the Iranians get more active,” Bejtlich said. “We’ve got at least one case where we think it’s Iran, and we think what they are doing is trying to gain some experience on a live network.”
Bejtlich’s observation backs assertions by U.S. politicians including Representative Mike Rogers, a Michigan Republican and chairman of the House Intelligence Committee, that Iranian groups are behind recent cyber attacks.
Closely held Mandiant, based in Alexandria, Virginia, released a report in February concluding China’s People’s Liberation Army may be behind the hacking of at least 141 companies worldwide since 2006.
Mandiant is investigating the new group’s tactics and hasn’t concluded it’s backed by Iran’s government, Bejtlich said. “We don’t know if it’s the government,” he said. “We don’t know if they’re patriotic hackers.”
The group’s motivation isn’t clear, and Bejtlich wouldn’t name the U.S. company that has been infiltrated or what industry is involved.
“We haven’t seen these guys before,” Bejtlich said. “They are working their way through a network trying to figure out where can they go; who will find them; who will stop them.”
Allegations that the Iranian government is behind cyber attacks are “baseless,” Alireza Miryusefi, a spokesman for the country, said in an e-mailed statement. Iran has been repeatedly targeted in hacking attacks sponsored by other governments and wants an international legal framework to address issues surrounding cyber warfare, he said.
Mandiant tracks about two dozen groups considered to be the most aggressive attackers, known as advanced persistent threats. The majority of the groups are based in China while others are Russian or Eastern European, Bejtlich said.
Bejtlich said he is increasingly worried about cyber attacks escalating from espionage to sabotage, or the destruction of computer systems.
“No one’s been talking about that previously,” he said. “What I worry about is that someone’s going to make a decision to do that and either not think through the consequences or understand the consequences, or even care about the consequences.”
The House has passed legislation, H.R. 624, that would encourage information sharing about threats between the government and private sector.
Bejtlich said information sharing alone won’t stop cyber attacks. The group in China identified in Mandiant’s February report continues its attacks, for example, he said.
“There are plenty of sites that are still being attacked by the same group using the same methods and the same infrastructure,” Bejtlich said. “It’s clear that even when you make information completely free and just available for download, it’s not going to solve the world’s problems.”
He said legislation is needed clarifying that companies can protect their networks from attacks, and businesses need to remain vigilant.
“We respond to companies that are armed like Fort Knox and it didn’t make a difference,” he said. “If you’re a sufficiently juicy target, they will find their way in no matter what you have.”
Source: Inside of Iran
Dec 01, 2016 Comments Off on Saudi Arabia has been hit by a ‘digital bomb’ — possibly from Iran
Nov 12, 2014 Comments Off on Iran’s Emergence as a Cyber Power
Oct 10, 2014 Comments Off on Iran’s Emergence as a Cyber Power
Aug 27, 2014 Comments Off on The Iranian Cyber Offensive during Operation Protective Edge
Sep 17, 2018 Comments Off on Trump must start helping Iran’s minorities achieve regime change
Sep 13, 2018 Comments Off on Canadian MPs call on Ottawa to stand with Kurds after Iran missile attack
Aug 31, 2018 Comments Off on UN agency says Iran continues to meet nuclear obligations
Aug 29, 2018 Comments Off on Nikki Haley Warns That Iran Could Become ‘the Next North Korea’
Sep 17, 2018 Comments Off on Trump must start helping Iran’s minorities achieve regime changeTrump must start helping Iran’s minorities achieve regime change Trump must start helping Iran’s minorities achieve regime change The United States’ re-imposition of sanctions on Iran prompted the Iranians to...
Sep 13, 2018 Comments Off on Canadian MPs call on Ottawa to stand with Kurds after Iran missile attackCanadian MPs call on Ottawa to stand with Kurds after Iran missile attack Canadian MPs call on Ottawa to stand with Kurds after Iran missile attack Canada should always stand with its partners when they are under attack...
Jul 14, 2016 Comments Off on Corps’ one hundred thousand of triggered missiles in Lebanon:An official Israel-threatening by CorpsIran Briefing: Since August 7, 1979, when Ayatollah Khomeini declared the last Friday of Ramadhan as “Quds Day”, the Islamic Republic has always tried to hold an imposing ceremony by using state resources as well as requiring people’s involvement. This year’s Quds march had fundamental...