Report Exposes Coordinated Cyber Attacks on Global Critical Infrastructure by Iran-Based Hackers
A new report details coordinated attacks by hackers with ties to Iran on more than 50 targets in 16 countries around the globe. Victim organizations were found in a variety of critical industries, with most attacks on airlines and airports, energy, oil and gas, telecommunications companies, government agencies and universities. The report, titled "Operation Cleaver" and released by cybersecurity company Cylance, details how hackers used custom and publicly available tools (SQL injection, spear phishing, and water holing attacks) to extract highly sensitive and confidential materials and to compromise networks with a persistent presence so severe that they have control over the networks of victims in 16 countries. Cylance found significant victims in Canada, China, England, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey, United Arab Emirates and the United States.
"We discovered the scope and damage of these operations during investigations of what we thought were separate cases," said Stuart McClure, CEO of Cylance. "Due to the choice of critical infrastructure victims and the Iranian team’s quickly improving skillset, we are compelled to publish this report. By exposing our intelligence on Cleaver, we hope the information we share can reveal the techniques and tools of this group, drawing global attention to attacks on critical infrastructure and preventing attacks which could endanger human lives."
The attackers extracted large amounts of data, including swaths of sensitive employee information and schedule details; identification photos; information about airport and airline security; and PDFs of network, housing, telecom, and electricity diagrams, suggesting the attacks may have motives other than financial gain or intellectual property theft.
Targets discovered include a company specializing in natural gas production, electric utility organizations, and a variety of oil and gas providers. They also include San Diego’s Navy Marine Corps Intranet - a large defense contractor and major U.S. military installation, airports, major airlines, an automobile manufacturer, as well as transportation networks, telecom and technology companies, and multiple colleges and universities, often with an emphasis on medical schools.