What Cylance found is chilling indeed and needs to be call-to-action for governments and businesses worldwide. According to the report, a skillful and likely well-funded hacker team based in Iran has launched numerous data extraction attacks against electric utilities, oil and gas companies, airports, and other key infrastructure services in at least 16 countries.
Acknowledging the threat, the FBI reportedly issued a “Flash” advisory Dec. 12, warning businesses to be on the lookout for certain types of malicious software and techniques, along with advice to contact the FBI if companies believe they have been hit.
After 10 years of viewing China as the leading global threat to information security, security specialists need to realize that “Iran is the new China,” warns threat detection company Cylance. Released Dec. 2, Cylance’s “Operation Cleaver” report sums up a two-year investigation by the Irvine, California-based company.
Larger, More Sophisticated Attacks
“Hacking attacks sourced out of Iran are nothing new,” the report said, pointing to the security industry’s tracking of actors such as the Iranian Cyber Army since the early 2000s. However, that activity has become larger and more sophisticated in recent years, with the Iran-based “Operation Cleaver” targeting a much broader range of organizations in numerous countries around the world.
“Operation Cleaver has…focused on a wide array of targets, including energy producers and utilities, commercial airlines and airports, military intelligence, aerospace, hospitals, and even universities — with only ten of the targets based in the United States,” the report said. “Such broad targeting demonstrates to the world that Iran is no longer content to retaliate against the US and Israel alone. They have bigger intentions: to position themselves to impact critical infrastructure globally.”
Cylance said it released its report “sooner than we would have liked” because it believed it was important to expose to the world “Iran’s rising expertise.”
“The evidence and indicators of compromise we provide in this report will allow potentially unaware victims to detect and eliminate Cleaver’s incursions into their networks,” the report said.
Clear Pattern Emerging
We interviewed Cylance security researcher Justin Clarke to learn more about how his company first identified Operation Cleaver and what it has learned since then.
Clarke said Cylance’s investigation began after a client came to the company for help following a malware attack. As time went on, Cylance investigators realized that several other clients had experienced similar attacks. In each case, data from the targeted organization was being pushed to a particular file server, Clarke said. So Cylance accessed that file server and downloaded all the data it could.
That data, Clarke said, showed that someone based in Iran was launching an organized and sophisticated attack on a large number of key targets across countries including Canada, China, England, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey, the United Arab Emirates and the U.S. The attacks’ goals, Clarke said, did not appear to be downtime of IT systems, but “data exfiltration.”
Throughout its investigation, Cylance has been “in constant contact with law enforcement,” Clarke added, noting that the company’s primary contact has been with the FBI.
No One Is Safe
“Iran has not really been on the map yet,” Clarke said. However, Operation Cleaver “shows they are, I believe, flexing their muscles, and very skillfully.”
While the hacker team has not yet been identified, Clarke said it was also clear “it’s not one nerd in a basement….They’re skilled and potentially funded.”
With some media sources contacting Iranian sources ahead of the report’s release over the past couple of days, the hacker team has shown signs of going offline, Clarke said, although it’s unlikely its activities will cease. Meanwhile, security specialists and government agencies are continuing their work to try and identify those responsible.
Clarke said any organization, large or small, in any industry should be alert to the signs of a cyberattack, including spear phishing and SQL injection. They should also make sure their IT perimeters are secure and that they perform virus and malware scans “everywhere,” he said.
“It’s amazing how easily some of these companies are infiltrated,” he said. “In my opinion, everyone is a target.”
Iran Briefing | News Press Focus on Human Rights Violation by IRGC, Iran Human Rights
Jan 16, 2019 Comments Off on ISRAEL SAYS IT CAN FIGHT MORE THAN ONE WAR AT A TIME, TELLS IRAN TO ‘GET OUT’ OF SYRIA
Jan 15, 2019 Comments Off on Iran is at it again: Another American has been taken by the regime
Jan 14, 2019 Comments Off on National Security Council asked for military options to strike Iran, report says
Jan 14, 2019 Comments Off on Is Tehran spying on Southern California? Feds say O.C. waiter and ‘Chubby’ from Long Beach were agents of Iran
Jan 16, 2019 Comments Off on Germany arrests linguist, accuses him of passing military secrets to Iran
Jan 15, 2019 Comments Off on Trump Asked Mattis for Plan to Blow Up Iranian ‘Fast Boats,’ Report Says
Jan 15, 2019 Comments Off on Cutting The Head Off The Quds Force Snake: A Warning To Iran’s Terror Master
Jan 15, 2019 Comments Off on Senior US official vows to counter Iran on Lebanon visit
Jan 16, 2019 Comments Off on Germany arrests linguist, accuses him of passing military secrets to IranGermany arrests linguist, accuses him of passing military secrets to Iran Germany arrests linguist, accuses him of passing military secrets to Iran German police have arrested a 50-year-old Afghan-German man suspected...
Jan 16, 2019 Comments Off on ISRAEL SAYS IT CAN FIGHT MORE THAN ONE WAR AT A TIME, TELLS IRAN TO ‘GET OUT’ OF SYRIAISRAEL SAYS IT CAN FIGHT MORE THAN ONE WAR AT A TIME, TELLS IRAN TO ‘GET OUT’ OF SYRIA ISRAEL SAYS IT CAN FIGHT MORE THAN ONE WAR AT A TIME, TELLS IRAN TO ‘GET OUT’ OF SYRIA Israeli Prime Minister Benjamin...
Jul 14, 2016 Comments Off on Corps’ one hundred thousand of triggered missiles in Lebanon:An official Israel-threatening by CorpsIran Briefing: Since August 7, 1979, when Ayatollah Khomeini declared the last Friday of Ramadhan as “Quds Day”, the Islamic Republic has always tried to hold an imposing ceremony by using state resources as well as requiring people’s involvement. This year’s Quds march had fundamental...