Iranian hackers target world's top energy, transport firms: Cylance

Iranian hackers target world's top energy, transport firms: Cylance

PanARMENIAN.Net - Iranian hackers have infiltrated some of the world's top energy, transport and infrastructure companies over the past two years in a campaign that could allow them to eventually cause physical damage, U.S. cyber security firm Cylance said, according to Reuters.

Aerospace firms, airports and airlines, universities, energy firms, hospitals, and telecommunications operators based in the United States, Israel, China, Saudi Arabia, India, Germany, France, England have been hit by the campaign, the research firm said, without naming individual companies.

A person familiar with the research said U.S. energy firm Calpine Corp, state-controlled oil companies Saudi Aramco and Petroleos Mexicanos (Pemex), as well as flag carriers Qatar Airlines and Korean Air were among the specific targets.

The 87-page report comes as governments scramble to better understand Iran's cyber capabilities, which researchers say have grown rapidly as Tehran seeks to retaliate for Western cyber attacks on its nuclear program.

"We believe that if the operation is left to continue unabated, it is only a matter of time before the team impacts the world’s physical safety," Cylance said.

The California-based company said its researchers uncovered breaches affecting more than 50 entities and had evidence they were committed by the same Tehran-based group that was behind a previously reported 2013 cyber attack on a U.S. Navy network.

A Pemex spokesman said the company had not detected any attacks from the Iranian groups but was constantly monitoring, according to Reuters.

Tehran has been investing heavily in its cyber capabilities since 2010, when its nuclear program was hit by the Stuxnet computer virus, widely believed to have been launched by the United States and Israel. Iran has said its nuclear program is intended for the production of civilian electricity, and denies Western accusations it is seeking to build a nuclear bomb.

Cylance said the Iranian hacking group has so far focused its campaign - dubbed Operation Cleaver - on intelligence gathering, but that it likely has the ability to launch attacks.

It said researchers who succeeded in gaining access to some of the hackers' infrastructure found massive databases of user credentials and passwords, diagrams, and screenshots from organizations including energy, transportation, and aerospace companies, as well as universities.

It would not be the first time Saudi Aramco has been targeted by hackers, Reuters reminds. In 2012, some 30,000 computers at the oil company were infected by a virus known as Shamoon, in one of the most destructive such strikes conducted against a single business. Some U.S. officials have said they believe Iran was behind that attack.

Cylance said its researchers also obtained hundreds of files apparently stolen by the Iranian group from the U.S. Navy's Marine Corps Intranet (NMCI). U.S. government sources had confirmed that Iran was behind the 2013 NMCI breach, but did not provide further details.

A diplomatic representative for Iran said Cylance's claim was groundless. "This is a baseless and unfounded allegation fabricated to tarnish the Iranian government image, particularly aimed at hampering current nuclear talks," said Hamid Babaei, spokesman for Iran's mission to the United Nations.

Cyber security firm FireEye Inc in May said that an Iranian hacking group was behind a series of attacks on U.S. defense companies.

The cyber intelligence firm iSight Partners also reported in May that it had uncovered an unprecedented, three-year campaign in which Iranian hackers had created false social networking accounts and a bogus news website to spy on leaders in the United States, Israel and other countries.

 Top stories
Yerevan will host the 2024 edition of the World Congress On Information Technology (WCIT).
Rustam Badasyan said due to the lack of such regulation, the state budget is deprived of VAT revenues.
Krisp’s smart noise suppression tech silences ambient sounds and isolates your voice for calls.
Gurgen Khachatryan claimed that the "illegalities have been taking place in 2020."
Partner news
---