What Cylance found is chilling indeed and needs to be call-to-action for governments and businesses worldwide. According to the report, a skillful and likely well-funded hacker team based in Iran has launched numerous data extraction attacks against electric utilities, oil and gas companies, airports, and other key infrastructure services in at least 16 countries.
Acknowledging the threat, the FBI reportedly issued a “Flash” advisory Dec. 12, warning businesses to be on the lookout for certain types of malicious software and techniques, along with advice to contact the FBI if companies believe they have been hit.
After 10 years of viewing China as the leading global threat to information security, security specialists need to realize that “Iran is the new China,” warns threat detection company Cylance. Released Dec. 2, Cylance’s “Operation Cleaver” report sums up a two-year investigation by the Irvine, California-based company.
Larger, More Sophisticated Attacks
“Hacking attacks sourced out of Iran are nothing new,” the report said, pointing to the security industry’s tracking of actors such as the Iranian Cyber Army since the early 2000s. However, that activity has become larger and more sophisticated in recent years, with the Iran-based “Operation Cleaver” targeting a much broader range of organizations in numerous countries around the world.
“Operation Cleaver has…focused on a wide array of targets, including energy producers and utilities, commercial airlines and airports, military intelligence, aerospace, hospitals, and even universities — with only ten of the targets based in the United States,” the report said. “Such broad targeting demonstrates to the world that Iran is no longer content to retaliate against the US and Israel alone. They have bigger intentions: to position themselves to impact critical infrastructure globally.”
Cylance said it released its report “sooner than we would have liked” because it believed it was important to expose to the world “Iran’s rising expertise.”
“The evidence and indicators of compromise we provide in this report will allow potentially unaware victims to detect and eliminate Cleaver’s incursions into their networks,” the report said.
Clear Pattern Emerging
We interviewed Cylance security researcher Justin Clarke to learn more about how his company first identified Operation Cleaver and what it has learned since then.
Clarke said Cylance’s investigation began after a client came to the company for help following a malware attack. As time went on, Cylance investigators realized that several other clients had experienced similar attacks. In each case, data from the targeted organization was being pushed to a particular file server, Clarke said. So Cylance accessed that file server and downloaded all the data it could.
That data, Clarke said, showed that someone based in Iran was launching an organized and sophisticated attack on a large number of key targets across countries including Canada, China, England, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey, the United Arab Emirates and the U.S. The attacks’ goals, Clarke said, did not appear to be downtime of IT systems, but “data exfiltration.”
Throughout its investigation, Cylance has been “in constant contact with law enforcement,” Clarke added, noting that the company’s primary contact has been with the FBI.
No One Is Safe
“Iran has not really been on the map yet,” Clarke said. However, Operation Cleaver “shows they are, I believe, flexing their muscles, and very skillfully.”
While the hacker team has not yet been identified, Clarke said it was also clear “it’s not one nerd in a basement….They’re skilled and potentially funded.”
With some media sources contacting Iranian sources ahead of the report’s release over the past couple of days, the hacker team has shown signs of going offline, Clarke said, although it’s unlikely its activities will cease. Meanwhile, security specialists and government agencies are continuing their work to try and identify those responsible.
Clarke said any organization, large or small, in any industry should be alert to the signs of a cyberattack, including spear phishing and SQL injection. They should also make sure their IT perimeters are secure and that they perform virus and malware scans “everywhere,” he said.
“It’s amazing how easily some of these companies are infiltrated,” he said. “In my opinion, everyone is a target.”
Iran Briefing | News Press Focus on Human Rights Violation by IRGC, Iran Human Rights
May 22, 2020 Comments Off on Iran leader says Israel a ‘cancerous tumor’ to be destroyed
May 22, 2020 Comments Off on Iran picks cyber fight with Israel as both sides target critical infrastructure
May 22, 2020 Comments Off on Collapse of Israeli regime perceptible: IRGC
May 21, 2020 Comments Off on Exclusive: In veiled warning to Iran, U.S. tells Gulf mariners to stay clear of its warships
May 19, 2020 Comments Off on Iranian Officials Say Minimal Damage At Ancient Jewish Site After Allegations Of Arson Attack
May 19, 2020 Comments Off on IRGC exploits pandemic to solidify control
May 13, 2020 Comments Off on Iranian Army says technical error behind deadly friendly fire incident
May 03, 2020 Comments Off on Iran Has Far More Coronavirus Cases Than It Is Letting On
May 22, 2020 Comments Off on Iran leader says Israel a ‘cancerous tumor’ to be destroyedIran’s supreme leader on Friday called Israel a “cancerous tumor” that “will undoubtedly be uprooted and destroyed” in an annual speech in support of the Palestinians, renewing threats against...
May 22, 2020 Comments Off on Iran picks cyber fight with Israel as both sides target critical infrastructureThe simmering cyber conflict between Iran and Israel reached a boiling point this week as the two enemies have been going tit-for-tat in an effort to quietly take down critical infrastructure that...
Feb 10, 2020 Comments Off on Qasem Soleimani, a hero or a terrorist?On 3rd of January a news spread in social media regarding Qasem Soleimani and AbuMahdi Mohandes who has died by a US drone strike near Baghdad Airport and this was the end of their lives. In social media, especially Iranian users, there was a chaotic situation, some called of “the general of...