Iran Conducted Cyber Attacks On UK Infrastructure – Report

cyber attack, hacking, compromise, security

Cyber attacks that targetted UK infrastructure in December were conducted by Iran, says media report

A major cyber-attack last December on the UK’s local government networks and the Post Office was reportedly carried out by a nation-state attacker.

The attacker has been identified by US security experts as Iran, or more accurately a group connected to the Iranian Revolutionary Guards.

Cyber-attacks by nation states are unfortunately on the rise. A recent example was the major cyberattack against the Singapore government in July last year, which resulted in the theft of the personal data belonging to 1.5 million people, including the medical records of Prime Minister Lee Hsien Loong.

carphone warehouse

Iran attack

But now Sky News reported that it had learned that Iran have been blamed for cyber attacks on UK infrastructure on 23 December last year.

The attack targetted local government networks and the Post Office, but also involved private sector companies such as banks.

Sky News quoted the National Cyber Security Centre as saying that it was “aware of a cyber incident affecting some UK organisations in late 2018” and that it was “working with victims and advising on mitigation measures”.

It was reported that personal details belonging to thousands of staff were stolen, including the email address and mobile phone number of the Post Office chief executive Paula Vennells.

Sky News also reported that analysis by cyber security experts at Glasswall had concluded that a group connected to the Iranian Revolutionary Guard was responsible for this attack, as well as the attack on the parliamentary network in 2017.

Sky News reported that it had seen the 10,204 data records that were stolen from the parliament global address lists during that attack including addresses, company positions and phone numbers.

The stolen data could be used to start a deeper attack, Lewis Henderson, VP of threat intelligence at cyber security company Glasswall told the UK broadcaster.

“As we’ve seen, you can do anything… influence elections, in particular. You can start to impersonate people within that government as well and be utterly convincing,” he reportedly said.

“The levels of trust that the global address list puts in place is completely eroded once you’ve lost that information, once it’s out there in the hands of the attackers,” said Henderson. “We know that they could be impersonating members of our own government and starting to alter and disrupt communications.”

Sky News said it had informed British security services of the findings, and although they haven’t publicly confirmed Iran’s involvement, four separate security sources say they believe it to be accurate.

State threats

One security expert warned of the real danger posed by nation state attacks.

“The threat of state actioned cyberattacks is very real to governments, public sector and private sector organisations alike,” explained Dr Simon Wiseman, CTO of cybersecurity company Deep Secure.

“In addition to news of the cyber campaign from Iran, the UK and its western allies recently accused the Chinese government of carrying out an extensive campaign of cyberwarfare, with spies working at General Electric in the US caught using steganography to steal industrial secrets,” said Dr Wiseman.

“State-sponsored cyberwarfare and cyber espionage is only set to increase, with vast amounts now being spent by all countries – including the UK – into offensive as well as defensive cyber capabilities,” he added.

Another expert also said that it is not just government’s being targetted, but also businesses and financial bodies.

“This is a sobering story which demonstrates how wide the scope is when we talk about nation state cyber attacks,” said David Atkinson, CEO of Senseon.
“The temptation is to think of one government’s agency fighting another,” said Atkinson. “However, as this story demonstrates, the reality is that the battlefield extends beyond that to businesses, public services and other organisations. In this case the Post Office, local government and banks are the victims that were caught in the crossfire.”
“This attack also shows that we need to change awareness of what constitutes critical infrastructure,” Atkinson added. “Again, we are not just talking about the energy sector, communications, and industrial organisations. Threat actors will also target the economy and if a large scale attack is launched against the UK’s banks, you can bet the situation will quickly become critical. The government has a responsibility to ensure a good standard of security and defence across all major organisations to safeguard the UK.”

Last November the US Justice Department indicated two Iranian men, it alleged were behind the destructive SamSam ransomware outbreak that affected hundreds of organisations around the world, including the City of Atlanta, a Los Angeles hospital and the Port of San Diego, and caused more than $30 million (£24m) in damage.

Iran meanwhile claimed last year that an attempted cyber-attack had threatened to disrupt its telecommunications network, after saying it had discovered a new version of the Stuxnet malware targeting its nuclear infrastructure.

Do you know all about security? Try our quiz!