December 26-2014
Iranian hackers infiltrated government networks, airlines and oil and gas firms in four Arab states on the Persian Gulf during a two-year campaign targeting critical infrastructure around the world, according to a new report by a US cybersecurity firm.
The report concluded ominously, “As Iran’s cyber warfare capabilities continue to morph, the probability of an attack that could impact the physical world at a national or global level is rapidly increasing.”
Saudi Aramco and Qatar Airways were among the specific targets of what the report called “Operation Cleaver,” a person close to the report told Reuters. The report was written by Cylance, a cyber security firm based in Irvine, California.
Iran also attacked the military, aviation, energy and transportation sectors of countries including the UAE and Kuwait, while Cylance also supported US claims that Iran was responsible for a 2012 attack on the corporate computer systems and website of Saudi oil giant Aramco and Qatar’s RasGas, which caused the companies to temporarily shutdown.
Only Oman of the five Arab countries across the Persian Gulf was not attacked.
Outside the region, Cylance said, Operation Cleaver has hit aerospace firms, airports and airlines, universities, energy firms, telecommunications operators and even hospitals based in 12 countries, including the United States, Israel, China, India, Germany, France and England. The report did not name individual companies in those countries.
The firm said the campaign showed Iran’s increasing ability to hack sophisticated systems that could eventually allow it to cause physical damage.
“We believe that if the operation is left to continue unabated, it is only a matter of time before the team impacts the world’s physical safety,” Cylance said.
“As Iran’s cyber warfare capabilities continue to morph, the probability of an attack that could impact the physical world at a national or global level is rapidly increasing.
“Iran is no longer content to retaliate against the US and Israel alone. They have bigger intentions: to position themselves to impact critical infrastructure globally.”
The Iranian government has denied the report’s allegations. “This is a baseless and unfounded allegation fabricated to tarnish the Iranian government image, particularly aimed at hampering current nuclear talks,” a spokesman for Iran’s mission to the United Nations, Hamid Babaei, told Reuters.
The Cylance report does not detail motives for the specific attacks but suggests that Iran is attempting to gain leverage in its ongoing negotiations on its nuclear program.
Tehran has been investing heavily in its cyber capabilities since 2010, when its nuclear program was hit by the Stuxnet computer virus, widely believed to have been launched by the US and Israel.
Cylance said the Iranian hacking group has so far focused its campaign on intelligence gathering, but that it likely has the ability to launch attacks.
It said researchers who succeeded in gaining access to some of the hackers’ infrastructure found massive databases of user credentials and passwords, diagrams, and screenshots from organizations including energy, transportation, and aerospace companies, as well as universities.