An infamous Iranian hacker group may be targeting industrial control systems to cause major disruptions in power grids, oil refineries, and other physical energy assets, in what appears to be a sharpened focus on cyber warfare against critical industries.
These attempts by Iranian hackers to infiltrate systems controlling energy assets come at a time of heightened tension between the United States and Iran and at a time of increased cyber threats to the energy industry in the United States and globally.
Iranian hacker group APT33, also known as Elfin, Refined Kitten, and Holmium, is thought to have recently shifted its focus from IT networks to the industrial control systems (ICS) that run utilities and oil refineries, among other industries, Microsoft security researcher Ned Moran tells WIRED's senior writer Andy Greenberg.
Moran presented Microsoft's findings at the CyberwarCon conference in Arlington, Virginia, this week. Those findings show that over the past two months the Iranian hackers have narrowed their password spraying (attempts to access a large number of accounts using a few common passwords) to around 2,000 organizations, while increasing the number of accounts targeted within them. According to Moran, half of the 25 organizations the hackers target most heavily are ICS manufacturers and providers.
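Password spraying has a recognisable shape in authentication logs: one source touches many accounts with only one or two failures each, whereas a classic brute force hammers a single account. The following Python detector, an added example that is not Microsoft's or the article's code, runs that heuristic over a constructed log sample. The log format (`auth_fail`/`auth_ok`, `user=`, `src=`), the field names, the IP addresses and the thresholds are all assumptions chosen for illustration; map them onto your own identity provider's sign-in logs.

```python
"""Password-spray detection over authentication logs (added example).

The log format, field names, sample addresses and thresholds below are
assumptions for illustration, not anything from the article.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Assumed log format: ISO timestamp, outcome, user, source IP.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>auth_fail|auth_ok) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line):
    """Return (timestamp, event, user, src), or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group("event"), m.group("user"), m.group("src")


def detect_spray(lines, window=timedelta(minutes=30), min_accounts=5, max_per_account=3):
    """Flag sources whose failures hit many distinct accounts, few tries each.

    Spray signature: >= min_accounts distinct users failing from one source
    inside `window`, with no single user failing more than max_per_account
    times (that cap keeps single-account brute force out of this detector).
    Returns {src: {"accounts": [...failed users...], "successes": [...users
    that later authenticated from the same source...]}}.  A success from a
    spraying source is the line that matters most: it is the account that
    accepted the sprayed password.
    """
    failures = defaultdict(list)   # src -> [(ts, user), ...]
    successes = defaultdict(set)   # src -> {user, ...}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip unparseable lines rather than crash the pipeline
        ts, event, user, src = parsed
        if event == "auth_fail":
            failures[src].append((ts, user))
        else:
            successes[src].add(user)

    alerts = {}
    for src, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide `start` forward so events[start:end+1] all lie within `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, user in events[start:end + 1]:
                per_user[user] += 1
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                # Keep the widest account set seen for this source.
                if src not in alerts or len(per_user) > len(alerts[src]["accounts"]):
                    alerts[src] = {
                        "accounts": sorted(per_user),
                        "successes": sorted(successes[src]),
                    }
    return alerts


# Constructed sample log: one sprayer (198.51.100.7) trying one password
# across eight accounts and landing on one, one brute-forcer (203.0.113.9)
# hammering a single account, and a legitimate user who mistypes once.
SAMPLE_LOG = """\
2019-11-20T09:00:01Z auth_fail user=alice src=198.51.100.7
2019-11-20T09:00:04Z auth_fail user=bob src=198.51.100.7
2019-11-20T09:00:07Z auth_fail user=carol src=198.51.100.7
2019-11-20T09:00:10Z auth_fail user=dave src=198.51.100.7
2019-11-20T09:00:13Z auth_fail user=erin src=198.51.100.7
2019-11-20T09:00:16Z auth_fail user=frank src=198.51.100.7
2019-11-20T09:00:19Z auth_ok user=grace src=198.51.100.7
2019-11-20T09:00:22Z auth_fail user=heidi src=198.51.100.7
2019-11-20T09:01:00Z auth_fail user=admin src=203.0.113.9
2019-11-20T09:01:01Z auth_fail user=admin src=203.0.113.9
2019-11-20T09:01:02Z auth_fail user=admin src=203.0.113.9
2019-11-20T09:01:03Z auth_fail user=admin src=203.0.113.9
2019-11-20T09:01:04Z auth_fail user=admin src=203.0.113.9
2019-11-20T09:01:05Z auth_fail user=admin src=203.0.113.9
2019-11-20T09:05:00Z auth_fail user=ivan src=192.0.2.44
2019-11-20T09:05:09Z auth_ok user=ivan src=192.0.2.44
""".splitlines()

if __name__ == "__main__":
    for src, info in detect_spray(SAMPLE_LOG).items():
        print(f"possible password spray from {src}: "
              f"{len(info['accounts'])} accounts failed, successes={info['successes']}")
```

Against the sample, only the sprayer is reported: the brute-forcer fails the per-account cap and the legitimate user never reaches the account threshold. In production, attackers that rotate source addresses defeat the per-source grouping; keying the same logic on ASN, user-agent or client ID, and lowering `min_accounts` for sensitive tenants, are the usual adjustments.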
It's unclear whether the hackers have compromised any of the systems they attempted to access. Their motivation is also unclear, but Moran thinks the ultimate goal is to gain a foothold from which to carry out a physically destructive attack on critical infrastructure, such as energy infrastructure.
By targeting ICS vendors, the Iranian hackers are "trying to find the downstream customer, to find out how they work and who uses them. They're looking to inflict some pain on someone's critical infrastructure that makes use of these control systems," Moran told WIRED.
Cybersecurity firm Trend Micro said earlier this month that it believes the APT33 group has been using about a dozen live command-and-control (C&C) servers for extremely narrow targeting of organizations in the Middle East, the United States, and Asia.
The apparent shift in the Iranian hacker group's focus highlights the threat to critical U.S. infrastructure, including energy infrastructure, which has seen the frequency of cyberattacks increase over the past couple of years.
Last year, the same Iranian hacker group stepped up its attacks on a variety of companies in the Persian Gulf, including energy firms.
According to The National, the hacker group is widely believed to be linked to the government in Tehran, with the attacks becoming more frequent after U.S. President Donald Trump pulled the United States out of the Iran nuclear deal.
Iran Briefing | News Press Focus on Human Rights Violation by IRGC, Iran Human Rights