A previously unknown hacking group believed to be based in Iran has started cyber attacks inside the U.S., according to Mandiant Corp., a security company that’s linked China’s army to similar activity.
The Iranian group emerged within the last six months and has infiltrated the networks of at least one U.S. corporation, Richard Bejtlich, Mandiant’s chief security officer, said in an interview in Washington today.
“You’re starting to see the Iranians get more active,” Bejtlich said. “We’ve got at least one case where we think it’s Iran, and we think what they are doing is trying to gain some experience on a live network.”
Bejtlich’s observation backs assertions by U.S. politicians including Representative Mike Rogers, a Michigan Republican and chairman of the House Intelligence Committee, that Iranian groups are behind recent cyber attacks.
Closely held Mandiant, based in Alexandria, Virginia, released a report in February concluding China’s People’s Liberation Army may be behind the hacking of at least 141 companies worldwide since 2006.
Mandiant is investigating the new group’s tactics and hasn’t concluded it’s backed by Iran’s government, Bejtlich said. “We don’t know if it’s the government,” he said. “We don’t know if they’re patriotic hackers.”
The group’s motivation isn’t clear, and Bejtlich wouldn’t name the U.S. company that has been infiltrated or what industry is involved.
“We haven’t seen these guys before,” Bejtlich said. “They are working their way through a network trying to figure out where can they go; who will find them; who will stop them.”
Allegations that the Iranian government is behind cyber attacks are “baseless,” Alireza Miryusefi, a spokesman for the country, said in an e-mailed statement. Iran has been repeatedly targeted in hacking attacks sponsored by other governments and wants an international legal framework to address issues surrounding cyber warfare, he said.
Mandiant tracks about two dozen groups considered to be the most aggressive attackers, known as advanced persistent threats. The majority of the groups are based in China while others are Russian or Eastern European, Bejtlich said.
Bejtlich said he is increasingly worried about cyber attacks escalating from espionage to sabotage, or the destruction of computer systems.
“No one’s been talking about that previously,” he said. “What I worry about is that someone’s going to make a decision to do that and either not think through the consequences or understand the consequences, or even care about the consequences.”
The House has passed legislation, H.R. 624, that would encourage information sharing about threats between the government and private sector.
Bejtlich said information sharing alone won’t stop cyber attacks. The group in China identified in Mandiant’s February report continues its attacks, for example, he said.
“There are plenty of sites that are still being attacked by the same group using the same methods and the same infrastructure,” Bejtlich said. “It’s clear that even when you make information completely free and just available for download, it’s not going to solve the world’s problems.”
He said legislation is needed clarifying that companies can protect their networks from attacks, and businesses need to remain vigilant.
“We respond to companies that are armed like Fort Knox and it didn’t make a difference,” he said. “If you’re a sufficiently juicy target, they will find their way in no matter what you have.”
Source: Inside of Iran
Jan 28, 2019 Comments Off on EU agency says Iran likely to step up cyber espionage
Dec 31, 2018 Comments Off on Revealed: How Iran wages ‘CYBER TERRORISM’ to secretly spy on MILLIONS and incite ‘CHAOS’
Nov 10, 2018 Comments Off on U.S. must prepare for escalation of Iranian cyber attacks, experts say
Dec 01, 2016 Comments Off on Saudi Arabia has been hit by a ‘digital bomb’ — possibly from Iran
Feb 16, 2019 Comments Off on Mike Pence claims Iran is planning a ‘new Holocaust’ to destroy Israel
Feb 16, 2019 Comments Off on IRAN’S ‘TOXIC MONEY’ PREVENTING ISRAELI-PALESTINIAN PEACE- BAHRAINI FM
Feb 15, 2019 Comments Off on Netanyahu on Reported Attack: Israel ‘Constantly Operating’ Against Iran in Syria
Feb 15, 2019 Comments Off on Pence urges Europe to quit Iran deal, stop busting sanctions
Feb 16, 2019 Comments Off on Mike Pence claims Iran is planning a ‘new Holocaust’ to destroy IsraelMike Pence claims Iran is planning a ‘new Holocaust’ to destroy Israel Mike Pence claims Iran is planning a ‘new Holocaust’ to destroy Israel Iran is planning a “new Holocaust” to destroy Israel, US vice...
Feb 16, 2019 Comments Off on IRAN’S ‘TOXIC MONEY’ PREVENTING ISRAELI-PALESTINIAN PEACE- BAHRAINI FMIRAN’S ‘TOXIC MONEY’ PREVENTING ISRAELI-PALESTINIAN PEACE- BAHRAINI FM IRAN’S ‘TOXIC MONEY’ PREVENTING ISRAELI-PALESTINIAN PEACE- BAHRAINI FM Iran’s “toxic” funding of violence in the region...
Jul 14, 2016 Comments Off on Corps’ one hundred thousand of triggered missiles in Lebanon:An official Israel-threatening by CorpsIran Briefing: Since August 7, 1979, when Ayatollah Khomeini declared the last Friday of Ramadhan as “Quds Day”, the Islamic Republic has always tried to hold an imposing ceremony by using state resources as well as requiring people’s involvement. This year’s Quds march had fundamental...