Share

Iran hackers target key world networks - researchers

Washington - Iranian hackers have managed to penetrate and steal information from governments and companies around the world since 2012, posing a grave security threat, researchers say in a new report.

The report by security firm Cylance, released on Tuesday, said the hackers have "extracted highly sensitive materials" from government agencies and major critical infrastructure companies in the United States, Britain, Canada, China, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey and the United Arab Emirates.

Cylance researchers called the effort "Operation Cleaver" and said it has "conducted a significant global surveillance and infiltration campaign."

The group is believed to work from Tehran, with help from others located in the Netherlands, Canada, and Britain, the report said

Targets include government networks as well as companies involved in military, oil and gas, energy and utilities, transportation, airlines, airports, hospitals, telecommunications, technology, education, aerospace and other sectors.

"During intense intelligence gathering over the last 24 months, we observed the technical capabilities of the Operation Cleaver team rapidly evolve faster than any previously observed Iranian effort," the report said.

"As Iran's cyber warfare capabilities continue to morph, the probability of an attack that could impact the physical world at a national or global level is rapidly increasing. Their capabilities have advanced beyond simple website defacements."

Retaliation for Stuxnet worm

The report said Iran appeared to ramp up its cyber warfare capabilities after being hit by attacks including the Stuxnet worm, a programme widely believed to be led by the United States or Israel, and which targeted its nuclear energy programme.

"Stuxnet was an eye-opening event for Iranian authorities, exposing them to the world of physical destruction via electronic means," Cylance researchers said.

"Retaliation for Stuxnet began almost immediately in 2011."

Cylance said it has likely uncovered just "a fraction of Operation Cleaver's full scope" and added that "if the operation is left to continue unabated, it is only a matter of time before the world's physical safety is impacted by it."

Cylance said the effort is a "state-sponsored campaign" with the potential to affect airline safety, industrial systems and other critical networks.

"This campaign could be a way to demonstrate Iran's cyber capabilities for additional geopolitical leverage, due to the breadth and depth of their global targets," the report said.

It also said the hackers may be looking at collaborating with counterparts in North Korea to attack companies in South Korea. The group is also recruiting from universities in the United States and elsewhere and potentially using "hackers for hire."

"Perhaps the most bone-chilling evidence we collected in this campaign was the targeting and compromise of transportation networks and systems such as airlines and airports in South Korea, Saudi Arabia and Pakistan," the report said.

The infiltration means "their entire remote access infrastructure and supply chain was under the control of the Cleaver team, allowing permanent persistence under compromised credentials."

This led to "complete access to airport gates and their security control systems," and a takeover of payment systems to allow fraudulent purchases.

The 86-page report says evidence of Iranian involvement is clear, with Persian hacker names used throughout the campaign and many domains used registered in Iran.

We live in a world where facts and fiction get blurred
Who we choose to trust can have a profound impact on our lives. Join thousands of devoted South Africans who look to News24 to bring them news they can trust every day. As we celebrate 25 years, become a News24 subscriber as we strive to keep you informed, inspired and empowered.
Join News24 today
heading
description
username
Show Comments ()
Rand - Dollar
18.97
-0.4%
Rand - Pound
23.97
-0.3%
Rand - Euro
20.52
-0.2%
Rand - Aus dollar
12.35
-0.0%
Rand - Yen
0.13
-0.4%
Platinum
900.15
+0.4%
Palladium
1,000.00
-0.2%
Gold
2,213.87
+0.9%
Silver
24.75
+0.4%
Brent Crude
86.09
-0.2%
Top 40
68,237
+0.8%
All Share
74,414
+0.7%
Resource 10
57,122
+2.6%
Industrial 25
103,714
+0.4%
Financial 15
16,494
-0.2%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

LEARN MORE
Government tenders

Find public sector tender opportunities in South Africa here.

Government tenders
This portal provides access to information on all tenders made by all public sector organisations in all spheres of government.
Browse tenders