Americans should be on heightened alert for cyberattacks after Iran fired more than a dozen missiles at two military bases in Iraq where U.S. troops are stationed late Tuesday, security researchers say. Iran could target private businesses and government infrastructure to avenge last week's killing of its top military commander as tensions between Tehran and Washington reach one of their highest points since the 1979 Iranian revolution. "I am not predicting it will happen, but if it happens, I won't be surprised," said Steven Bellovin, a computer science professor at Columbia University School of Engineering. A cyber conflict has been silently raging for years. In retaliation for the U.S. drone strike that killed Iranian commander Qasem Soleimani in Baghdad last week, Iran could target the power and electricity you use, the smart devices you carry or your bank account, security experts say.
FRANKFURT – Hackers probably linked to Iran's government have hit Saudi and Western aerospace and petrochemical firms, marking a rise in Iranian cyberspying prowess, security firm FireEye said on Wednesday, an assessment shared by other U.S. experts. A FireEye report on Wednesday dubbed the hacker group APT33 and offered evidence of its activities since 2013 in seeking to steal aviation and military secrets, while also gearing up for attacks that might cripple entire computer networks. In a separate but related move last week, the U.S. Treasury Department added two Iran-based hacking networks and eight individuals to a U.S. sanctions list, accusing them of taking part in cyber-enabled attacks on the U.S. financial system. Iran's Islamic Revolutionary Guard Corps, elements of which were also added to the U.S. sanctions list, was not immediately available for comment when contacted by phone by Reuters on Wednesday, the end of the country's working week. FireEye identified APT33 after it was called in to investigate cyberattacks on a U.S. aviation organization, a Saudi business conglomerate with aviation holdings and a South Korean group with interests in oil refining and petrochemicals.
A Russian state-sponsored cyber-espionage group has come back to life after a one-year period of inactivity with a relatively large spear-phishing campaign that has targeted both the US government and private sector. The hacking group is known in infosec circles as Cozy Bear, APT29, The Dukes, or PowerDuke, and is infamous because it's one of the two Russian state hacking crews that hacked the Democratic National Committee before the 2016 US Presidential Elections. "On 14 November 2018, CrowdStrike detected a widespread spear-phishing campaign against multiple sectors," Adam Meyers, VP of Intelligence, told ZDNet today. "These messages purported to be from an official with the U.S. Department of State and contained links to a compromised legitimate website," he added. "Individuals receiving the emails worked at organizations in a range of sectors including think tanks, law enforcement, government, and business information services."
Christopher C. Krebs, Director of the Cybersecurity and Infrastructure Security Agency (CISA), warned of a potential new wave of cyberattacks carried out by Iran-linked hacker groups targeting U.S. assets. The attacks could be the response of the Iranian cyber unit after Maj. Gen. Qassim Suleimani was killed by a U.S. drone airstrike at the Baghdad airport in Iraq. "Given recent developments, re-upping our statement from the summer," Krebs explained in a tweet. "Bottom line: time to brush up on Iranian TTPs and pay close attention to your critical systems, particularly ICS," he added.
Until now, Silicon Valley's efforts have been focused almost exclusively on Russia, as revelations over the past year about Moscow's influence operations targeting U.S. politics put pressure on social-media giants to detect and remove Kremlin-sponsored campaigns. Iran's tactics are different, cybersecurity experts said, focusing on advancing its foreign policy interests in ways not as extreme as Russia's efforts to disrupt U.S. elections. Iran's moves have expanded as the toll of international sanctions against the nation rose and tensions between Washington and Tehran increased. Tech companies are also under renewed pressure as a number of top executives are slated to testify before Congress in early September about how their internet platforms were hijacked by foreign actors and what they are doing to prevent future abuses. Google's investigators uncovered evidence that the accounts it took down are connected with the Islamic Republic of Iran Broadcasting, which has been under U.S. sanctions since 2013, and date back to at least January 2017.