A previously unknown hacking group believed to be based in Iran has started cyber attacks inside the U.S., according to Mandiant Corp., a security company that’s linked China’s army to similar activity.
The Iranian group emerged within the last six months and has infiltrated the networks of at least one U.S. corporation, Richard Bejtlich, Mandiant’s chief security officer, said in an interview in Washington today.
“You’re starting to see the Iranians get more active,” Bejtlich said. “We’ve got at least one case where we think it’s Iran, and we think what they are doing is trying to gain some experience on a live network.”
Bejtlich’s observation backs assertions by U.S. politicians including Representative Mike Rogers, a Michigan Republican and chairman of the House Intelligence Committee, that Iranian groups are behind recent cyber attacks.
Closely held Mandiant, based in Alexandria, Virginia, released a report in February concluding China’s People’s Liberation Army may be behind the hacking of at least 141 companies worldwide since 2006.
Mandiant is investigating the new group’s tactics and hasn’t concluded it’s backed by Iran’s government, Bejtlich said. “We don’t know if it’s the government,” he said. “We don’t know if they’re patriotic hackers.”
The group’s motivation isn’t clear, and Bejtlich wouldn’t name the U.S. company that has been infiltrated or what industry is involved.
“We haven’t seen these guys before,” Bejtlich said. “They are working their way through a network trying to figure out where can they go; who will find them; who will stop them.”
Allegations that the Iranian government is behind cyber attacks are “baseless,” Alireza Miryusefi, a spokesman for the country, said in an e-mailed statement. Iran has been repeatedly targeted in hacking attacks sponsored by other governments and wants an international legal framework to address issues surrounding cyber warfare, he said.
Mandiant tracks about two dozen groups considered to be the most aggressive attackers, known as advanced persistent threats. The majority of the groups are based in China while others are Russian or Eastern European, Bejtlich said.
Bejtlich said he is increasingly worried about cyber attacks escalating from espionage to sabotage, or the destruction of computer systems.
“No one’s been talking about that previously,” he said. “What I worry about is that someone’s going to make a decision to do that and either not think through the consequences or understand the consequences, or even care about the consequences.”
The House has passed legislation, H.R. 624, that would encourage information sharing about threats between the government and private sector.
Bejtlich said information sharing alone won’t stop cyber attacks. The group in China identified in Mandiant’s February report continues its attacks, for example, he said.
“There are plenty of sites that are still being attacked by the same group using the same methods and the same infrastructure,” Bejtlich said. “It’s clear that even when you make information completely free and just available for download, it’s not going to solve the world’s problems.”
He said legislation is needed clarifying that companies can protect their networks from attacks, and businesses need to remain vigilant.
“We respond to companies that are armed like Fort Knox and it didn’t make a difference,” he said. “If you’re a sufficiently juicy target, they will find their way in no matter what you have.”
Source: Inside of Iran
Dec 01, 2016 Comments Off on Saudi Arabia has been hit by a ‘digital bomb’ — possibly from Iran
Nov 12, 2014 Comments Off on Iran’s Emergence as a Cyber Power
Oct 10, 2014 Comments Off on Iran’s Emergence as a Cyber Power
Aug 27, 2014 Comments Off on The Iranian Cyber Offensive during Operation Protective Edge
Mar 16, 2018 Comments Off on Mattis accuses Iran of meddling in Iraq’s elections
Feb 13, 2018 Comments Off on Iran unveils nuclear ready ballistic missile during military parade that can hit Israel
Feb 06, 2018 Comments Off on Iran ‘Mass Producing’ Drones Strapped with Smart Bombs
Feb 01, 2018 Comments Off on Germany urges end to Iranian executions
Mar 16, 2018 Comments Off on Mattis accuses Iran of meddling in Iraq’s electionsMattis accuses Iran of meddling in Iraq’s elections Iran is funnelling money into Iraq to influence the outcome of its elections, the US Defence Secretary James Mattis said, calling it part of a broader pattern of...
Feb 13, 2018 Comments Off on Iran unveils nuclear ready ballistic missile during military parade that can hit IsraelIran unveils nuclear ready ballistic missile during military parade that can hit Israel Iran has unveiled a ballistic missile reportedly capable of carrying nuclear warheads and with a sufficient range to...
Jul 14, 2016 Comments Off on Corps’ one hundred thousand of triggered missiles in Lebanon:An official Israel-threatening by CorpsIran Briefing: Since August 7, 1979, when Ayatollah Khomeini declared the last Friday of Ramadhan as “Quds Day”, the Islamic Republic has always tried to hold an imposing ceremony by using state resources as well as requiring people’s involvement. This year’s Quds march had fundamental...