Iranian Hackers Identified to have Ubiquitous Control of Airlines, Energy Companies, Universities, and Major Businesses
A new research report released on Tuesday identifies Iran-based hackers who have infiltrated and taken control of a number of commercial and business systems around the world. The report claims that Iran is the new China making several discoveries which are quite intrusive and rather scary.
Operation Cleaver makes Iran first-tier cyber power?
Apparently working on behalf of Iranian government, these hackers have so far taken control of some major businesses including energy companies and airlines. Hackers were able to spy on critical control and computer networks in the countries including Canada, Israel, Pakistan, India, Qatar, Kuwait, Mexico, United States, Turkey, Saudi Arabia, China, and South Korea.
The 86-page long research by the cyber security firm Cylance reports that airports in Saudi Arabia, Pakistan and South Korea were targeted which is interesting as Saudi Arabia is a known adversary of the country, however, Iran is on better terms with Pakistan and South Korea. The attacks on airports included all of the security not to mention the gate controls where they were able to remotely control security systems potentially allowing clandestine movements.
Perhaps the most bone-chilling evidence we collected in this campaign was the targeting and compromise of transportation networks and systems such as airlines and airports in South Korea, Saudi Arabia and Pakistan. The level of access seemed ubiquitous: Active Directory domains were fully compromised, along with entire Cisco Edge switches, routers, and internal networking infrastructure. Fully compromised VPN credentials meant their entire remote access infrastructure and supply chain was under the control of the [Iranian] team, allowing permanent persistence under compromised credentials. They achieved complete access to airport gates and their security control systems, potentially allowing them to spoof gate credentials.
As for as South Korea is concerned, Cylance gives the reasoning:
Operation Cleaver’s intense focus on critical infrastructure companies, especially in South Korea, hints at information sharing or joint operations with Iran’s partner, North Korea. In September, 2012, Iran signed an extensive agreement for technology cooperation agreement with North Korea, which allows for collaboration on a variety of efforts including IT and security.
Apart from these countries, hackers were also able to infiltrate airlines (not airports) in United Arab Emirates, United States, and Qatar. In the United States, Cylance identified a Navy-Marine Corps network in San Diego as a victim along with a major airline, a medical university, major military installation, and an energy company specializing in natural gas production. Names weren’t mentioned in the report.
Cylance is calling this Iran-based hacking project as Operation Cleaver mainly because the word Cleaver has appeared several times in the malicious code.
With the latest attack on Sony Pictures Entertainment and now this discovery of hackers’ capabilities to infiltrate some of the world’s most secure and critical systems, cyber security analysts and experts seem to have a tough holiday season ahead.
Targets and victims: