Iranian Hackers Sneak Onto Western Systems

Tom Jowitt is a leading British tech freelance and long-standing contributor to TechWeek Europe

A large number of western computer systems have been infiltrated by Iranian hackers, Cylance warns

Iran has become the latest government to flex its cyber security muscles after an American security firm warned that Iranian hackers have infiltrated the computer systems of many foreign companies.

It comes as Iran responds to Western cyber attacks against its nuclear program, which some feel threatens regional and global security.

Iranian Hackers

The warning about the hacking campaign (dubbed Operation Cleaver) was made by American cyber security firm Cylance.

It said that the Iranian hackers had penetrated the systems of many global organisations spread across the energy, transport, infrastructure and telecommunications industries in a number of countries, including the United States, Israel, China, Saudi Arabia, India, Germany, France, and the UK.

Cylance did not name any individual companies, but it did state that while the hacks seemed to be mostly focused on intelligence gathering, they could eventually cause physical damage.

Reuters quoted a person familiar with the research, who said that US energy firm Calpine Corp, state-controlled oil companies Saudi Aramco and Petroleos Mexicanos (Pemex), as well as flag carriers Qatar Airlines and Korean Air were among the specific targets.

“We believe that if the operation is left to continue unabated, it is only a matter of time before the team impacts the world’s physical safety,” Cylance reportedly said.

The firm added that its researchers had uncovered breaches affecting more than 50 entities and had evidence they were committed by the same Tehran-based group that was behind a previously reported 2013 cyber attack on a US Navy network. Cylance has apparently obtained hundreds of files stolen by the Iranian group from the US Navy’s Marine Corps Intranet (NMCI).

Iran has denied it is involved in any hacking campaigns. A diplomatic representative for Iran told Reuters that Cylance’s claim was groundless.

“This is a baseless and unfounded allegation fabricated to tarnish the Iranian government image, particularly aimed at hampering current nuclear talks,” Hamid Babaei, spokesman for Iran’s mission to the United Nations, was quoted as saying.

Cyber Defence

Experts are warning that governments and organisations need to maintain their vigilance if they are to retain their cyber defences.

“As cyber-attacks get ever more advanced and successful at defeating countermeasures, companies and government organisations across the board need to be alert to lengthy, stealthy data breaches,” a Malwarebytes spokesperson said. “Such threats can sit quietly for long periods of time, completely unnoticed, secretly stealing everything from personal data to supposedly secure documents and intellectual property.”

“We may never know for certain who is behind the attacks in the report, however one thing is definite, everyone is now a target,” said the spokesperson. “It is more important than ever for companies to be vigilant and look again at their security approach, because if they don’t, it’s certain someone else already is.”

Of course, it is worth noting that Iran itself has been a victim of cyber attacks over the years, reportedly from Western nations interested in disrupting its nuclear program, which Iran insists is for internal energy needs.

However, many foreign countries are concerned that if Iran becomes a nuclear power, it will have both regional and global implications.
