Iranian hackers penetrate airlines, defense contractors, and hospitals

Iran turns out to be a big player on the Cyber War battlefield, as reported by ComputerWorldUK:

For the past two years, a team of Iranian hackers has compromised computers and networks belonging to over 50 organizations from 16 countries, including airlines, defense contractors, universities, military installations, hospitals, airports, telecommunications firms, government agencies, and energy and gas companies.

The attacks have collectively been dubbed Operation Cleaver after a string found in various malware tools used by the hacker group, which is believed to operate primarily out of Tehran.

“We discovered over 50 victims in our investigation, distributed around the globe,” said researchers from IT security firm Cylance in an extensive report released Tuesday. “Ten of these victims are headquartered in the US and include a major airline, a medical university, an energy company specializing in natural gas production, an automobile manufacturer, a large defense contractor, and a major military installation.”

Other victims were identified in Canada, China, England, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey and the United Arab Emirates.

As with Cyber War operations in Russia and China, a thin pretense of distance was maintained between the Iranian government and Operation Cleaver:

The attackers used publicly available attack tools and exploits, as well as specialized malware programs they created themselves. Cylance believes the team consists of at least 20 hackers and developers who support Iranian interests and were probably recruited from the country’s universities.

“The infrastructure utilized in the campaign is too significant to be a lone individual or a small group,” the Cylance researchers said. “We believe this work was sponsored by Iran.”

This crew seemed fairly aggressive about stealing information from targeted systems, including the sort of security information that could help them pull off future sabotage attacks. Disturbingly, they gained access to airport gate security systems, and penetrated deep into popular commercial sites like PayPal. The Iranians seem to be planning something to retaliate for the use of Stuxnet and other malware programs against their nuclear weapons program. According to security experts, it has the makings of an assault far more direct and serious than the way Russian hackers have been looting financial data in retaliation for Western sanctions:

“The Operation Cleaver report documents how Iran is the first highly motivated Western world adversary poised to execute serious attacks against global infrastructure, not just targeting the United States, but the critical infrastructure of over a dozen different countries,” said Stuart McClure, Cylance’s CEO and President, in a blog post. “They aren’t looking for credit cards or microchip designs, they are fortifying their hold on dozens of networks that if crippled would affect the lives of billions of people.”

Engadget adds that Cylance “admits it’s uncovered but a small portion of the breaches thus far, so the campaign could be much larger in scope.” The Iranians, of course, deny everything.