Iranian hackers have breached the networks of 50 organizations from 16 countries, including the United States, raising the possibility that the state-sponsored cyber thieves have left those affected extremely vulnerable, according to IT security firm Cylance.
The attack, which was named Operation Cleaver, is believed to be the most sophisticated documented cyber bombardment carried out by the Iranian regime to date.
“We discovered over 50 victims in our investigation, distributed around the globe,” said the Cylance report. “Ten of the victims are headquartered in the US and include a major airline, a medical university, an energy company specializing in natural gas production, an automobile manufacturer, a large defense contractor, and a major military installation.”
The firm added that the hackers may have stolen information that could allow them to access and corrupt Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems. SCADA and ICS systems control everything from water to oil, gas, electric, and transit systems.
The report also found that the hackers were able to infiltrate airport security systems. “They achieved complete access to airport gates and their security control systems, potentially allowing them to spoof gate credentials,” said the Cylance report.
Iran has over the past few years dedicated significant resources towards hardening its defensive and offensive cyber capabilities. The Stuxnet virus, which damaged and set back Iran’s nuclear program, is believed to be one of the mechanisms that convinced the regime to invest in the cyber sphere.
In February, Iran’s Ayatollah Khamenei enthusiastically said in an address to his cyber teams, “You are the cyber-war agents… get yourselves ready for such war wholeheartedly.”
In his 2014 Worldwide Threat Assessment, U.S. Director of National Intelligence James Clapper warned that Iran’s “development of cyber espionage or attack capabilities might be used in an attempt to either provoke or destabilize the United States or its partners.”
Mark Weatherford, former Deputy Under Secretary for Cybersecurity at the US Department of Homeland Security, said of the report: “Global critical infrastructure organisations need to take this threat seriously. The Iranian adversary is real and they’re coming, if not already here.”