The FBI has reportedly privately warned US energy and defence firms to be on the lookout for a sophisticated attack against their computer systems by sophisticated Iranian hackers.
That’s the claim made by Reuters which says it has seen a confidential “Flash” report issued by the US authorities on Friday, detailing methods used by the attackers and methods to thwart being hit by the malware.
Although the finger is most definitely being pointed at Iran – with the FBI’s advisory document identifying two IP addresses based in Iran that are used to launch attacks – the report does not go as far as to apportion blame to the Iranian authorities.
And, of course, it should be remembered that attributing attacks to a particular country is notoriously difficult, as it is so easy for hackers to hide their tracks, or use compromised computers in another nation to act as a proxy when launching their attacks if they so choose.
But, if accurate, the threat would appear to tie in with research issued earlier this month by Cylance of “Operation Cleaver”, a hacking campaign orchestrated by an Iranian team that the firm dubbed “Tarh Andishan”.
Operation Cleaver is said to have targeted critical infrastructure organisations around the world, including defence contractors, oil and gas energy producers, telecom firms, chemical companies and governments.
Cylance reported that it knew of some 50 targets and compromised victims, but believed that the FBI warning showed that the scale of the operation may be larger than its own research had revealed.
For its part, the government in Tehran is said to have vehemently denied any connection with the attacks.
Of course, Iran is no stranger to attacks on critical infrastructure – albeit most notoriously it was Iran that was on the receiving end of such an attack when the Stuxnet malware (probably built by the Americans with assistance from Israel) managed to infect the uranium enrichment facility at the city of Natanz.
Would it really be any surprise to hear that that incident had spurred Iran to invest more deeply in its own hacking attempts against critical infrastructure in countries it perceived to be its enemies?
It was recently revealed that in 2012 Iranian hackers had managed to break into a US Navy network for four months, exploiting a vulnerability in a poorly-secured public-facing website.
Regardless of whoever might be behind the latest attack that the FBI is warning about, it would be sensible for organisations to take it seriously and continue to assess the security of their systems to reduce the chances of a breach.
tags
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
View all postsDecember 24, 2024
December 19, 2024
November 14, 2024