The news this week has been on the successful cyber-attack of Sony Studios by agents of North Korea. But CIOs should be more concerned of a major hacking threat originating from the country of Iran.
In an exclusive report, Reuters News Agency said, “The Federal Bureau of Investigation has warned U.S. businesses to be on the alert for a sophisticated Iranian hacking operation whose targets include defense contractors, energy firms and educational institutions, according to a confidential agency document.”
The article also said, “The operation is the same as one flagged last week by cyber security firm Cylance Inc as targeting critical infrastructure organizations worldwide, cyber security experts said. Cylance has said it uncovered more than 50 victims from what it dubbed Operation Cleaver, in 16 countries, including the United States.”
Cylance has an extensive report on Operation Cleaver on its website. It says, “The Operation Cleaver report documents how Iran is the first highly motivated Western world adversary poised to execute serious attacks against global infrastructure, not just targeting the United States, but the critical infrastructure of over a dozen different countries. They aren’t looking for credit cards or microchip designs, they are fortifying their hold on dozens of networks that if crippled would affect the lives of billions of people.
“Over two years ago the Iranians deployed the Shamoon malware on Saudi Aramco, the most destructive attack against a corporate network to date, digitally destroying three quarters of Aramco’s PCs. Such an attack is just the beginning, it serves as a proof of concept to prove that such large scale and devastating attacks are not only possible but impending.”
Stuart McClure, Cylance’s CEO/president and founder, writes in the company’s blog, “For the last 26 years I have watched the evolution of computing, the explosive growth of the Internet, and the near ubiquity of technology to every corner of the globe. At the same time, I’ve seen computer hacking evolve, from enthusiasts testing concepts for the first time, teenagers defacing websites to impress strangers on IRC, acts of advanced SCADA system destruction, and sophisticated espionage nation state hacks from the Chinese, Russians, and now the Iranians.”
McLure adds, “Over the last two years, we have watched the Iranians successfully compromise over half of the 50+ targets we have had visibility into, achieving in some cases full compromise over not just servers and workstations, but network infrastructure and administrator credentials. While to date Cylance has yet to see Operation Cleaver result in loss of life or disruption of critical services, with the history of this group I see that as a likely consequence of these attacks.”
A troubling quotation from the report, attributed to retired U.S. Navy Admiral William J. Fallon, is “Iran has rapidly gained near parity with the Chinese but may be closer to the Russians in terms of swagger.” Fallon is former commander of the United States Central Command, which is responsible for U.S. security interests in 20 nations, stretching through the Arabian Gulf region into Central Asia.
According to the Reuters story, “The FBI’s technical document said the hackers typically launch their attacks from two IP addresses that are in Iran, but did not attribute the attacks to the Tehran government. Cylance has said it believes Iran’s government is behind the campaign, a claim Iran has vehemently denied.”
A TechTimes.com article reported, “It’s still unclear the full-scale abilities of Operation Cleaver, as Cylance says its has only been able to collect samples from the ring sporadically. The Active Directory worm Net Crawler, also known as NetC, is one of the tools Operation Cleaver has been known to use, according to Cylance. NetC buries itself in SmartAssembly, a tool commonly used by businesses, and then it extracts credentials when it is deployed. From there, the worm propagates itself through systems networked to the compromised computers and lifts more credentials.”