Iranians finally enter field of geopolitical cyberwarfare

3 Dec 2014

Iran is thought to be behind Operation Cleaver, a campaign a group has undertaken to undermine the security of companies in 16 countries.

Following reports of North Korea being linked to a cyberattack on Sony, reports of UK and US involvement in Regin, and Chinese hacking that led to internet search giant Google’s withdrawal from China a few years back, it seems Iran is finally joining the world of geo-political ‘Hack me? How about I hack you!’ tennis.

“Since at least 2012,” claims security expert Cylance, which discovered Operation Cleaver, “Iranian actors have directly attacked, established persistence in, and extracted highly sensitive materials from the networks of government agencies and major critical infrastructure companies in the following countries: Canada, China, England, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey, United Arab Emirates, and the United States.”

To be honest, at this rate it’s becoming harder to name the global actors NOT getting involved in espionage, cyberwarfare and other shady dealings.

The states of play

Yesterday, we reported on the UK’s intelligence agency the Government Communications Headquarters (GCHQ) reportedly tapping undersea cables connected to Ireland. Then FireEye’s report found a group – with no location attributed – that is hacking into Wall Street traded companies for economic gain.

Now, Cylance claims the pro-Iran group, which will be harder to track now that it has been revealed, has so far breached airlines, energy companies, defence firms and even the Navy-Marine Corps Intranet.

“After tracking the Operation Cleaver team for over two years, we’re led to the inexorable conclusion,” says Cylance. “The government of Iran, and particularly the Islamic Revolutionary Guard Corps, is backing numerous groups and front entities to attack the world’s critical infrastructure.”

For a bit of context here, it’s fairly understandable to describe these allegedly Iranian actions as reactionary, rather than downright aggressive. After all, the country was subjected to several crucial pieces of malware, reported to have originated in the US, for a number of years. Stuxnet and Flame, for example.

Cylance fears many critical infrastructure organisations are unable to secure their complex environments against modern attacks. “They fall victim to the ‘glue flu’, a malaise of feeling stuck, not wanting to change the status quo for fear they will find problems that they have no idea how to prevent.”

“If Operation Cleaver doesn’t get the world to wake up to what is happening in the silent world of cyber, then perhaps nothing will.”

Iran flag on keyboard image via Shutterstock

Gordon Hunt was a journalist with Silicon Republic

editorial@siliconrepublic.com