A previously unknown hacking group believed to be based in Iran has started cyber attacks inside the U.S., according to Mandiant Corp., a security company that’s linked China’s army to similar activity.
The Iranian group emerged within the last six months and has infiltrated the networks of at least one U.S. corporation, Richard Bejtlich, Mandiant’s chief security officer, said in an interview in Washington today.
“You’re starting to see the Iranians get more active,” Bejtlich said. “We’ve got at least one case where we think it’s Iran, and we think what they are doing is trying to gain some experience on a live network.”
Bejtlich’s observation backs assertions by U.S. politicians including Representative Mike Rogers, a Michigan Republican and chairman of the House Intelligence Committee, that Iranian groups are behind recent cyber attacks.
Closely held Mandiant, based in Alexandria, Virginia, released a report in February concluding China’s People’s Liberation Army may be behind the hacking of at least 141 companies worldwide since 2006.
Mandiant is investigating the new group’s tactics and hasn’t concluded it’s backed by Iran’s government, Bejtlich said. “We don’t know if it’s the government,” he said. “We don’t know if they’re patriotic hackers.”
The group’s motivation isn’t clear, and Bejtlich wouldn’t name the U.S. company that has been infiltrated or what industry is involved.
“We haven’t seen these guys before,” Bejtlich said. “They are working their way through a network trying to figure out where can they go; who will find them; who will stop them.”
Allegations that the Iranian government is behind cyber attacks are “baseless,” Alireza Miryusefi, a spokesman for the country, said in an e-mailed statement. Iran has been repeatedly targeted in hacking attacks sponsored by other governments and wants an international legal framework to address issues surrounding cyber warfare, he said.
Mandiant tracks about two dozen groups considered to be the most aggressive attackers, known as advanced persistent threats. The majority of the groups are based in China while others are Russian or Eastern European, Bejtlich said.
Bejtlich said he is increasingly worried about cyber attacks escalating from espionage to sabotage, or the destruction of computer systems.
“No one’s been talking about that previously,” he said. “What I worry about is that someone’s going to make a decision to do that and either not think through the consequences or understand the consequences, or even care about the consequences.”
The House has passed legislation, H.R. 624, that would encourage information sharing about threats between the government and private sector.
Bejtlich said information sharing alone won’t stop cyber attacks. The group in China identified in Mandiant’s February report continues its attacks, for example, he said.
“There are plenty of sites that are still being attacked by the same group using the same methods and the same infrastructure,” Bejtlich said. “It’s clear that even when you make information completely free and just available for download, it’s not going to solve the world’s problems.”
He said legislation is needed clarifying that companies can protect their networks from attacks, and businesses need to remain vigilant.
“We respond to companies that are armed like Fort Knox and it didn’t make a difference,” he said. “If you’re a sufficiently juicy target, they will find their way in no matter what you have.”
Source: Inside of Iran
Dec 01, 2016 Comments Off on Saudi Arabia has been hit by a ‘digital bomb’ — possibly from Iran
Nov 12, 2014 Comments Off on Iran’s Emergence as a Cyber Power
Oct 10, 2014 Comments Off on Iran’s Emergence as a Cyber Power
Aug 27, 2014 Comments Off on The Iranian Cyber Offensive during Operation Protective Edge
Nov 15, 2017 Comments Off on Iranian officials present a multi-million pound shopping list to free Nazanin Zaghari-Ratcliffe
Nov 06, 2017 Comments Off on Donald Trump blames Iran after Saudi Arabia is forced to blast a ballistic missile out of the sky as it headed for one of the kingdom’s main airports
Nov 02, 2017 Comments Off on IRAN: MEDIA AFFILIATED TO KHAMENEI EXPRESS FEAR OF SANCTIONS AGAINST IRGC
Oct 26, 2017 Comments Off on Iranian leader refuses any negotiation over ballistic missiles
Nov 15, 2017 Comments Off on Iranian officials present a multi-million pound shopping list to free Nazanin Zaghari-RatcliffeIranian officials present a multi-million pound shopping list to free Nazanin Zaghari-Ratcliffe IRANIAN officials have presented ministers with a multi-million pound shopping list of demands to free Nazanin...
Nov 06, 2017 Comments Off on Donald Trump blames Iran after Saudi Arabia is forced to blast a ballistic missile out of the sky as it headed for one of the kingdom’s main airportsDonald Trump blames Iran after Saudi Arabia is forced to blast a ballistic missile out of the sky as it headed for one of the kingdom’s main airports Saudi Arabia said its forces intercepted a ballistic missile...
Jul 14, 2016 Comments Off on Corps’ one hundred thousand of triggered missiles in Lebanon:An official Israel-threatening by CorpsIran Briefing: Since August 7, 1979, when Ayatollah Khomeini declared the last Friday of Ramadhan as “Quds Day”, the Islamic Republic has always tried to hold an imposing ceremony by using state resources as well as requiring people’s involvement. This year’s Quds march had fundamental...