What Cylance found is chilling indeed and needs to be call-to-action for governments and businesses worldwide. According to the report, a skillful and likely well-funded hacker team based in Iran has launched numerous data extraction attacks against electric utilities, oil and gas companies, airports, and other key infrastructure services in at least 16 countries.
Acknowledging the threat, the FBI reportedly issued a “Flash” advisory Dec. 12, warning businesses to be on the lookout for certain types of malicious software and techniques, along with advice to contact the FBI if companies believe they have been hit.
After 10 years of viewing China as the leading global threat to information security, security specialists need to realize that “Iran is the new China,” warns threat detection company Cylance. Released Dec. 2, Cylance’s “Operation Cleaver” report sums up a two-year investigation by the Irvine, California-based company.
Larger, More Sophisticated Attacks
“Hacking attacks sourced out of Iran are nothing new,” the report said, pointing to the security industry’s tracking of actors such as the Iranian Cyber Army since the early 2000s. However, that activity has become larger and more sophisticated in recent years, with the Iran-based “Operation Cleaver” targeting a much broader range of organizations in numerous countries around the world.
“Operation Cleaver has…focused on a wide array of targets, including energy producers and utilities, commercial airlines and airports, military intelligence, aerospace, hospitals, and even universities — with only ten of the targets based in the United States,” the report said. “Such broad targeting demonstrates to the world that Iran is no longer content to retaliate against the US and Israel alone. They have bigger intentions: to position themselves to impact critical infrastructure globally.”
Cylance said it released its report “sooner than we would have liked” because it believed it was important to expose to the world “Iran’s rising expertise.”
“The evidence and indicators of compromise we provide in this report will allow potentially unaware victims to detect and eliminate Cleaver’s incursions into their networks,” the report said.
Clear Pattern Emerging
We interviewed Cylance security researcher Justin Clarke to learn more about how his company first identified Operation Cleaver and what it has learned since then.
Clarke said Cylance’s investigation began after a client came to the company for help following a malware attack. As time went on, Cylance investigators realized that several other clients had experienced similar attacks. In each case, data from the targeted organization was being pushed to a particular file server, Clarke said. So Cylance accessed that file server and downloaded all the data it could.
That data, Clarke said, showed that someone based in Iran was launching an organized and sophisticated attack on a large number of key targets across countries including Canada, China, England, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey, the United Arab Emirates and the U.S. The attacks’ goals, Clarke said, did not appear to be downtime of IT systems, but “data exfiltration.”
Throughout its investigation, Cylance has been “in constant contact with law enforcement,” Clarke added, noting that the company’s primary contact has been with the FBI.
No One Is Safe
“Iran has not really been on the map yet,” Clarke said. However, Operation Cleaver “shows they are, I believe, flexing their muscles, and very skillfully.”
While the hacker team has not yet been identified, Clarke said it was also clear “it’s not one nerd in a basement….They’re skilled and potentially funded.”
With some media sources contacting Iranian sources ahead of the report’s release over the past couple of days, the hacker team has shown signs of going offline, Clarke said, although it’s unlikely its activities will cease. Meanwhile, security specialists and government agencies are continuing their work to try and identify those responsible.
Clarke said any organization, large or small, in any industry should be alert to the signs of a cyberattack, including spear phishing and SQL injection. They should also make sure their IT perimeters are secure and that they perform virus and malware scans “everywhere,” he said.
“It’s amazing how easily some of these companies are infiltrated,” he said. “In my opinion, everyone is a target.”
Iran Briefing | News Press Focus on Human Rights Violation by IRGC, Iran Human Rights
Jul 19, 2019 Comments Off on U.S. To Send 500 Troops To Saudi Arabia In ‘Show of Force’ Toward Iran
Jul 18, 2019 Comments Off on Iran deploying proxies to resist US coercion?
Jul 18, 2019 Comments Off on How Iraq Is Helping Iran Survive US Sanctions
Jul 17, 2019 Comments Off on We Asked Two Experts If a War with Iran Is Coming
Jul 12, 2019 Comments Off on Iran Is Training Iraqis to Shoot Missiles at Israel, and the U.S. Is Paying for It
Jul 12, 2019 Comments Off on The 120 Year Struggle of the Iranian People for Freedom
Jul 05, 2019 Comments Off on How Iraqi-Iranian militias’ arms trafficking networks bypass US sanctions
Jun 28, 2019 Comments Off on The US Exploration Drone has been Targeted by the Iranian Army Air Defense Force
Jul 19, 2019 Comments Off on U.S. To Send 500 Troops To Saudi Arabia In ‘Show of Force’ Toward IranU.S. To Send 500 Troops To Saudi Arabia In ‘Show of Force’ Toward Iran U.S. To Send 500 Troops To Saudi Arabia In ‘Show of Force’ Toward Iran The Trump administration is preparing to send 500 U.S. troops to...
Jul 12, 2019 Comments Off on The 120 Year Struggle of the Iranian People for FreedomThe 120 Year Struggle of the Iranian People for Freedom The 120 Year Struggle of the Iranian People for Freedom INU – During the second day of international conferences in Ashraf 3 in Albania, a panel of...
Mar 27, 2019 Comments Off on U.S. sanctions firms accused of helping fund Iran’s Revolutionary GuardsU.S. sanctions firms accused of helping fund Iran’s Revolutionary Guards U.S. sanctions firms accused of helping fund Iran’s Revolutionary Guards The United States on Tuesday imposed fresh sanctions on a network of companies and people in Iran, Turkey and the United Arab Emirates it...