Operation Cleaver: Iran Global Cyber Power?
Security firm Cylance accuses Iranian hackers of targeting airlines, energy and defense companies worldwide as part of the Operation Cleaver campaign. Cylance suggests that state-sponsored cyber groups in Iran can be as sophisticated as their cyber counterparts in other countries. Iran has supposedly been developing cyber warfare capabilities for many years and is said to be a significant threat to government agencies and critical infrastructure companies around the world.
Cylance suspects the reason for the attacks is revenge, possibly against countries suspected of developing Stuxnet, which targeted Iran.
Operation Cleaver (Cylance chose the name Cleaver because it appears frequently in the group's code) has over the past several years conducted a significant global surveillance and infiltration campaign. So far, it has successfully avoided detection by existing security technologies.
16 Countries Targeted
Since at least 2012, Iranian actors have directly attacked and extracted highly sensitive materials from the networks of government agencies and major critical infrastructure companies in the following countries: Canada, China, England, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey, United Arab Emirates and United States. The Cylance report states that 50 different organisations in the 16 countries have been targeted.
Airport And Airline Compromise
The group's compromise of networks and systems in airlines and airports in South Korea, Saudi Arabia and Pakistan is particularly troubling, Cylance said in its report. “The level of access seemed ubiquitous: Active Directory domains were fully compromised, along with entire Cisco Edge switches, routers and internal networking infrastructure.”
Tactics And Tools
The tactics used by the group to infiltrate networks are similar to those used by other groups. Tactics have included:
- SQL injection attacks
- Spear phishing
- Water holing attacks using a combination of custom-designed and publicly available malware tools.
Iran Denies Attack
Iran has officially denied involvement in the hacking campaigns. “This is a baseless and unfounded allegation fabricated to tarnish the Iranian government image, particularly aimed at hampering current nuclear talks,” said Hamid Babaei, spokesman for Iran's mission to the United Nations.
For full details, see the Cylance report.