What Cylance found is chilling indeed and needs to be a call to action for governments and businesses worldwide. According to the report, a skillful and likely well-funded hacker team based in Iran has launched numerous data extraction attacks against electric utilities, oil and gas companies, airports, and other key infrastructure services in at least 16 countries.
Acknowledging the threat, the FBI reportedly issued a “Flash” advisory Dec. 12, warning businesses to be on the lookout for certain types of malicious software and techniques, along with advice to contact the FBI if companies believe they have been hit.
After 10 years of viewing China as the leading global threat to information security, security specialists need to realize that “Iran is the new China,” warns threat detection company Cylance. Released Dec. 2, Cylance’s “Operation Cleaver” report sums up a two-year investigation by the Irvine, California-based company.
Larger, More Sophisticated Attacks
“Hacking attacks sourced out of Iran are nothing new,” the report said, pointing to the security industry’s tracking of actors such as the Iranian Cyber Army since the early 2000s. However, that activity has become larger and more sophisticated in recent years, with the Iran-based “Operation Cleaver” targeting a much broader range of organizations in numerous countries around the world.
“Operation Cleaver has…focused on a wide array of targets, including energy producers and utilities, commercial airlines and airports, military intelligence, aerospace, hospitals, and even universities — with only ten of the targets based in the United States,” the report said. “Such broad targeting demonstrates to the world that Iran is no longer content to retaliate against the US and Israel alone. They have bigger intentions: to position themselves to impact critical infrastructure globally.”
Cylance said it released its report “sooner than we would have liked” because it believed it was important to expose to the world “Iran’s rising expertise.”
“The evidence and indicators of compromise we provide in this report will allow potentially unaware victims to detect and eliminate Cleaver’s incursions into their networks,” the report said.
Clear Pattern Emerging
We interviewed Cylance security researcher Justin Clarke to learn more about how his company first identified Operation Cleaver and what it has learned since then.
Clarke said Cylance’s investigation began after a client came to the company for help following a malware attack. As time went on, Cylance investigators realized that several other clients had experienced similar attacks. In each case, data from the targeted organization was being pushed to a particular file server, Clarke said. So Cylance accessed that file server and downloaded all the data it could.
That data, Clarke said, showed that someone based in Iran was launching an organized and sophisticated attack on a large number of key targets across countries including Canada, China, England, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey, the United Arab Emirates and the U.S. The attacks’ goals, Clarke said, did not appear to be downtime of IT systems, but “data exfiltration.”
Throughout its investigation, Cylance has been “in constant contact with law enforcement,” Clarke added, noting that the company’s primary contact has been with the FBI.
No One Is Safe
“Iran has not really been on the map yet,” Clarke said. However, Operation Cleaver “shows they are, I believe, flexing their muscles, and very skillfully.”
While the hacker team has not yet been identified, Clarke said it was also clear “it’s not one nerd in a basement….They’re skilled and potentially funded.”
With some media sources contacting Iranian sources ahead of the report’s release over the past couple of days, the hacker team has shown signs of going offline, Clarke said, although it’s unlikely its activities will cease. Meanwhile, security specialists and government agencies are continuing their work to try and identify those responsible.
Clarke said any organization, large or small, in any industry should be alert to the signs of a cyberattack, including spear phishing and SQL injection. They should also make sure their IT perimeters are secure and that they perform virus and malware scans “everywhere,” he said.
“It’s amazing how easily some of these companies are infiltrated,” he said. “In my opinion, everyone is a target.”
Iran Briefing | News Press Focus on Human Rights Violation by IRGC, Iran Human Rights