A previously unknown hacking group believed to be based in Iran has started cyber attacks inside the U.S., according to Mandiant Corp., a security company that’s linked China’s army to similar activity.
The Iranian group emerged within the last six months and has infiltrated the networks of at least one U.S. corporation, Richard Bejtlich, Mandiant’s chief security officer, said in an interview in Washington today.
“You’re starting to see the Iranians get more active,” Bejtlich said. “We’ve got at least one case where we think it’s Iran, and we think what they are doing is trying to gain some experience on a live network.”
Bejtlich’s observation backs assertions by U.S. politicians including Representative Mike Rogers, a Michigan Republican and chairman of the House Intelligence Committee, that Iranian groups are behind recent cyber attacks.
Closely held Mandiant, based in Alexandria, Virginia, released a report in February concluding China’s People’s Liberation Army may be behind the hacking of at least 141 companies worldwide since 2006.
Mandiant is investigating the new group’s tactics and hasn’t concluded it’s backed by Iran’s government, Bejtlich said. “We don’t know if it’s the government,” he said. “We don’t know if they’re patriotic hackers.”
The group’s motivation isn’t clear, and Bejtlich wouldn’t name the U.S. company that has been infiltrated or what industry is involved.
“We haven’t seen these guys before,” Bejtlich said. “They are working their way through a network trying to figure out where can they go; who will find them; who will stop them.”
Allegations that the Iranian government is behind cyber attacks are “baseless,” Alireza Miryusefi, a spokesman for the country, said in an e-mailed statement. Iran has been repeatedly targeted in hacking attacks sponsored by other governments and wants an international legal framework to address issues surrounding cyber warfare, he said.
Mandiant tracks about two dozen groups considered to be the most aggressive attackers, known as advanced persistent threats. The majority of the groups are based in China while others are Russian or Eastern European, Bejtlich said.
Bejtlich said he is increasingly worried about cyber attacks escalating from espionage to sabotage, or the destruction of computer systems.
“No one’s been talking about that previously,” he said. “What I worry about is that someone’s going to make a decision to do that and either not think through the consequences or understand the consequences, or even care about the consequences.”
The House has passed legislation, H.R. 624, that would encourage information sharing about threats between the government and private sector.
Bejtlich said information sharing alone won’t stop cyber attacks. The group in China identified in Mandiant’s February report continues its attacks, for example, he said.
“There are plenty of sites that are still being attacked by the same group using the same methods and the same infrastructure,” Bejtlich said. “It’s clear that even when you make information completely free and just available for download, it’s not going to solve the world’s problems.”
He said legislation is needed clarifying that companies can protect their networks from attacks, and businesses need to remain vigilant.
“We respond to companies that are armed like Fort Knox and it didn’t make a difference,” he said. “If you’re a sufficiently juicy target, they will find their way in no matter what you have.”
Source: Inside of Iran
Nov 10, 2018 Comments Off on U.S. must prepare for escalation of Iranian cyber attacks, experts say
Dec 01, 2016 Comments Off on Saudi Arabia has been hit by a ‘digital bomb’ — possibly from Iran
Nov 12, 2014 Comments Off on Iran’s Emergence as a Cyber Power
Oct 10, 2014 Comments Off on Iran’s Emergence as a Cyber Power
Nov 16, 2018 Comments Off on Countering Iran’s Global Terrorism
Nov 16, 2018 Comments Off on Iran Was Closer to a Nuclear Bomb Than Intelligence Agencies Thought
Nov 15, 2018 Comments Off on Iran IRGC Brags About Its “Bases From Red Sea To Mediterranean”, Suggests US Will Leave Iraq
Nov 15, 2018 Comments Off on U.S. Treasury sanctions key Hezbollah, Iran-related networks in Iraq
Nov 13, 2018 Comments Off on U.S. Sanctions Against Iran Might Not Prove Important To Oil MarketsU.S. Sanctions Against Iran Might Not Prove Important To Oil Markets U.S. Sanctions Against Iran Might Not Prove Important To Oil Markets So, U.S. sanctions on Iran were fully implemented on Monday, fully but not...
Nov 09, 2018 Comments Off on CAN SANCTIONS BRING REGIME CHANGE IN IRAN?CAN SANCTIONS BRING REGIME CHANGEIN IRAN? CAN SANCTIONS BRING REGIME CHANGEIN IRAN? On November 5, the United States imposed a comprehensive set of sanctions on Iran, which were characterized by United States...
Jul 14, 2016 Comments Off on Corps’ one hundred thousand of triggered missiles in Lebanon:An official Israel-threatening by CorpsIran Briefing: Since August 7, 1979, when Ayatollah Khomeini declared the last Friday of Ramadhan as “Quds Day”, the Islamic Republic has always tried to hold an imposing ceremony by using state resources as well as requiring people’s involvement. This year’s Quds march had fundamental...