Iranian hackers poised for wide-ranging strikes in retaliation for U.S. leaving nuclear deal
The FBI is warning that Iranian hackers could conduct new cyber attacks on American businesses and government networks in response to the Trump administration’s withdrawal from the Iran nuclear deal.
“The FBI assesses foreign cyber actors operating in the Islamic Republic of Iran could potentially use a range of computer network operations—from scanning networks for potential vulnerabilities to data deletion attacks—against U.S.-based networks in response to the U.S. government’s withdrawal from the Joint Comprehensive Plan of Action (JCPOA),” the FBI said in a cyber alert to U.S. businesses.
Previous Iranian cyber attacks were carried out against targets in the United States in retaliation for “perceived slights against the regime,” the May 22 notice states.
The FBI warned that Iranian hackers may view the U.S. withdrawal from the Iran deal as justification for stepped-up cyber attacks.
The warning noted that between December 2011 and August 2013 two organizations linked to the Iranian government carried out large-scale distributed denial of service, or DDOS, attacks on U.S. financial institutions’ websites in retaliation for U.S. sanctions that squeezed the Iranian economy.
Then in 2014, Iranian hackers broke into networks of the Sands Casino in Las Vegas and destroyed computers in retaliation for anti-Iranian government comments made by the casino’s owner, Sheldon Adelson.
The FBI report included a chart listing specific methods used by Iranian hackers in conducting cyber attacks on the computer networks of academic institutions, commercial businesses, financial institutions, and the government.
For its cyber activities against academic institutions, the Iranians have used spear-phishing—the use of fraudulent emails to gain access to networks—as well as “password spray” attacks. Both methods allow hackers to gain access to networks without triggering alarms.
A password spray is a method of breaking into computers that tries only a few passwords against a username, seeking to avoid the lockout feature now used by most login software.
The Iranians gained confidential information and proprietary data from the schools and universities.
In the commercial sector, spear-phishing was the main method and “gave actors the access to wipe hard drives,” the FBI said.
During financial sector hacks, DDOS attacks blocked customers from accessing financial websites and disrupted businesses.
…Recently, Iranian cyber attacks also have focused on efforts to disrupt U.S. critical infrastructure.
In March 2016, a federal grand jury indicted seven Iranians on charges of conducting cyber attacks against the United States. The indictment identified two Iran government-linked hacker groups behind a series of cyber attacks, the ITSec Team and the Mersad Company.
The two entities were blamed for an Iranian cyber attack on the control network used by the Bowman Dam near Rye, N.Y. The attack failed because the dam’s network had been taken down for maintenance.
A top-secret National Security Agency document from 2013 said “Iran continues to conduct distributed denial of service attacks against numerous U.S. financial institutions.”
“[Signals intelligence] indicates these attacks are in retaliation to Western activities against Iran’s nuclear sector and that senior officials of the Iranian government are aware of these attacks,” says the report, made public by renegade NSA contractor Edward Snowden.
…A report by the State Department-led Overseas Security Advisory Council warned that Iranian cyber capabilities are growing.
“Previous high-profile incidents have propelled Iran’s standing from low-level cyber threat to capable adversary,” the 2015 report said.
“Iranian hackers have been suspected in multiple incidents that inflicted damage on various entities in the private sector, including finance and energy firms. Current analysis indicates Iran may intend to use its growing cyber force to attack global critical infrastructure.”
Incidents have included the targeting of U.S. government personnel involved in arms nonproliferation, wiper malware on the Sands, and an attack on the Marine Corps’ intranet. An Iranian activity known as Operation Cleaver in 2014 targeted global infrastructures in multiple industries.
Full article: FBI: Iran to Launch New Cyber Attacks (Washington Free Beacon)