What Cylance found is chilling indeed and needs to be call-to-action for governments and businesses worldwide. According to the report, a skillful and likely well-funded hacker team based in Iran has launched numerous data extraction attacks against electric utilities, oil and gas companies, airports, and other key infrastructure services in at least 16 countries.
Acknowledging the threat, the FBI reportedly issued a “Flash” advisory Dec. 12, warning businesses to be on the lookout for certain types of malicious software and techniques, along with advice to contact the FBI if companies believe they have been hit.
After 10 years of viewing China as the leading global threat to information security, security specialists need to realize that “Iran is the new China,” warns threat detection company Cylance. Released Dec. 2, Cylance’s “Operation Cleaver” report sums up a two-year investigation by the Irvine, California-based company.
Larger, More Sophisticated Attacks
“Hacking attacks sourced out of Iran are nothing new,” the report said, pointing to the security industry’s tracking of actors such as the Iranian Cyber Army since the early 2000s. However, that activity has become larger and more sophisticated in recent years, with the Iran-based “Operation Cleaver” targeting a much broader range of organizations in numerous countries around the world.
“Operation Cleaver has…focused on a wide array of targets, including energy producers and utilities, commercial airlines and airports, military intelligence, aerospace, hospitals, and even universities — with only ten of the targets based in the United States,” the report said. “Such broad targeting demonstrates to the world that Iran is no longer content to retaliate against the US and Israel alone. They have bigger intentions: to position themselves to impact critical infrastructure globally.”
Cylance said it released its report “sooner than we would have liked” because it believed it was important to expose to the world “Iran’s rising expertise.”
“The evidence and indicators of compromise we provide in this report will allow potentially unaware victims to detect and eliminate Cleaver’s incursions into their networks,” the report said.
Clear Pattern Emerging
We interviewed Cylance security researcher Justin Clarke to learn more about how his company first identified Operation Cleaver and what it has learned since then.
Clarke said Cylance’s investigation began after a client came to the company for help following a malware attack. As time went on, Cylance investigators realized that several other clients had experienced similar attacks. In each case, data from the targeted organization was being pushed to a particular file server, Clarke said. So Cylance accessed that file server and downloaded all the data it could.
That data, Clarke said, showed that someone based in Iran was launching an organized and sophisticated attack on a large number of key targets across countries including Canada, China, England, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey, the United Arab Emirates and the U.S. The attacks’ goals, Clarke said, did not appear to be downtime of IT systems, but “data exfiltration.”
Throughout its investigation, Cylance has been “in constant contact with law enforcement,” Clarke added, noting that the company’s primary contact has been with the FBI.
No One Is Safe
“Iran has not really been on the map yet,” Clarke said. However, Operation Cleaver “shows they are, I believe, flexing their muscles, and very skillfully.”
While the hacker team has not yet been identified, Clarke said it was also clear “it’s not one nerd in a basement….They’re skilled and potentially funded.”
With some media sources contacting Iranian sources ahead of the report’s release over the past couple of days, the hacker team has shown signs of going offline, Clarke said, although it’s unlikely its activities will cease. Meanwhile, security specialists and government agencies are continuing their work to try and identify those responsible.
Clarke said any organization, large or small, in any industry should be alert to the signs of a cyberattack, including spear phishing and SQL injection. They should also make sure their IT perimeters are secure and that they perform virus and malware scans “everywhere,” he said.
“It’s amazing how easily some of these companies are infiltrated,” he said. “In my opinion, everyone is a target.”
Iran Briefing | News Press Focus on Human Rights Violation by IRGC, Iran Human Rights
Jul 16, 2018 Comments Off on Iran is Imprisoning University Students Accused of Attending Protests
Jul 15, 2018 Comments Off on How the Iran deal is bringing terror to Europe and other commentary
Jul 13, 2018 Comments Off on Trump Says Iran Will Seek Deal To Ease Economic ‘Pain’ From Sanctions
Jul 10, 2018 Comments Off on Iran vows to sell as much oil as it can in face of U.S. sanctions
Jul 19, 2018 Comments Off on Rouhani Facing Widespread Outrage as Student Protesters Remain Behind Bars and Receive Harsh Sentences
Jul 18, 2018 Comments Off on Iran Sues U.S. Over Broken Nuclear Deal and Reimposed Sanctions
Jul 11, 2018 Comments Off on US says that Iran is training terrorists in Iraq
Jul 09, 2018 Comments Off on Iran detains teen over Instagram dance videos
Jul 18, 2018 Comments Off on Iran Sues U.S. Over Broken Nuclear Deal and Reimposed SanctionsIran Sues U.S. Over Broken Nuclear Deal and Reimposed Sanctions Iran has sued the United States at the International Court of Justice in a new, if dubious, strategy to nullify the nuclear sanctions reimposed by...
Jul 15, 2018 Comments Off on How the Iran deal is bringing terror to Europe and other commentaryHow the Iran deal is bringing terror to Europe and other commentary America’s socialists are taking the Democratic Party by storm and New York City is leading the way. So Charles Lane at The Washington Post...
Jul 14, 2016 Comments Off on Corps’ one hundred thousand of triggered missiles in Lebanon:An official Israel-threatening by CorpsIran Briefing: Since August 7, 1979, when Ayatollah Khomeini declared the last Friday of Ramadhan as “Quds Day”, the Islamic Republic has always tried to hold an imposing ceremony by using state resources as well as requiring people’s involvement. This year’s Quds march had fundamental...