Stuxnet is a malicious computer worm, first uncovered in 2010. Thought to have been in development since at least 2005, Stuxnet targets SCADA systems and is believed to be responsible for causing substantial damage to Iran’s nuclear program.
That was then and now Iran is fighting back. Although neither country has openly admitted responsibility, the worm is believed to be a jointly built American/Israeli cyberweapon.
Flashing forward to the summer of 2019 top cybersecurity firms say Iranian hackers have revved up attempts to breach computer systems in the U.S. as hostilities have spiked between Washington and Tehran — and they warn that further escalation could be near.
Crowdstrike and FireEye are among the companies that have reported seeing an uptick in recent weeksfor the exploits, which use deceptive emails to try to trick victims into installing malicious software on their systems.
“Any intrusion can be the first step” toward a broader attack, Ben Read, senior cyber-espionage analyst for FireEye, told POLITICO on Friday. Read added that the leader of the latest campaign — an Iranian government-connected hacker group known as APT33 or Refined Kitten — has been linked to destructive attacks using that have wiped computers at targets like the giant oil and gas company Saudi Aramco. “Really, we’re seeing increased cyber activity that seems to be focused on the West,”said Adam Meyers, vice president of Intelligence at Cylance. “In early June, mid-June is when it really started to kick off,” he told POLITICO. FireEye offered a similar timeline.
The chronology matches the steady ratcheting of tensions between the United States and Iran:In late May, the U.S. deployed additional troops to the Middle East, and in mid-June, Secretary of State Mike Pompeo blamed Iran for attacks on two commercial tankers. But the FBI warned industry as far back as April about possible Iranian retaliation in cyberspace after the Trump administration designated the Islamic Revolutionary Guard Corps as a terrorist organization, The Wall Street Journal reported Friday.
Another firm, Senseon, told Wired that it had seen attacks targeting the Energy Department and U.S. national labs. Senseon has been offering their AI-based cyberdefense solution for as little as $1,000 per month.
All three companies said the attacks were aimed at both federal and local government and private sector targets, and Read said his firm had seen attacks on targets in the Middle East as well. Meyers noted that Refined Kitten often has targeted the energy sector, particularly in the Middle East and Saudi Arabia specifically. One recurring lure is an email pretending to originate from the White House Council of Economic Advisers, seeking applications for a job opening.
Cyber experts already were worried about possible retaliatory targeting of the energy sector after The New York Timespublished a story Saturday about U.S. Cyber Command escalating attacks on Russia’s electricity grid. The possibility of an Iranian hacking group known for attacking the energy sector could increase that risk.
“The Department of Energy is aware of the reports of APT33 activity and for security reasons we do not comment on current cyber activity directed at the Department’s networks,” a senior DOE official told POLITICO. “The Department has numerous systems deployed that protect the Department from adversaries attempting to compromise our networks and constantly shares threat intelligence information across our labs and sites.” Some potential targets say they have yet to see a spike in threats, however.
“Attempted cyber intrusions in the natural gas industry are a common occurrence, but we have not experienced an uptick,” a natural gas industry source told POLITICO. The so-called spearphishing attacks might just be about intelligence gathering, Read said. “It’s not surprising that Iran would want to know what the U.S. decision-making would look like right now,” he said. “They want to be across the table from what we’re planning.”
U.S. officials rank Iran as one of the country’s four top cyber adversaries alongside Russia, China and North Korea. In 2016, the Justice Department indicted seven Iranians for a series of cyberattacks against the U.S. financial sector and a dam in New York. Last year, it announced charges against an Iranian hacking ring that prosecutors accused of stealing documents from more than 100 American universities and federal agencies.
For more information call us at: (844) 442-4378 x707
