2014-12-02
(Adds names of some of the companies targeted in paragraphs 3 and 7)
By Jim Finkle
BOSTON, Dec 2 - Iranian hackers have infiltrated
some of the world's top energy, transport and infrastructure
companies over the past two years in a campaign that could allow
them to eventually cause physical damage, according to U.S.
cyber security firm Cylance.
Aerospace firms, airports and airlines, universities, energy
firms, hospitals, and telecommunications operators based in the
United States, Israel, China, Saudi Arabia, India, Germany,
France and England have been hit by the campaign, the research firm
said, without naming individual companies.
A person familiar with the research said U.S. energy firm
Calpine Corp, state-controlled oil companies Saudi
Aramco and Petroleos Mexicanos (Pemex), as well as
flag carriers Qatar Airlines and Korean Air were
among the specific targets.
The 87-page report comes as governments scramble to better
understand Iran's cyber capabilities, which researchers say have
grown rapidly as Tehran seeks to retaliate for Western cyber
attacks on its nuclear program.
"We believe that if the operation is left to continue
unabated, it is only a matter of time before the team impacts
the world's physical safety," Cylance said.
The California-based company said its researchers uncovered
breaches affecting more than 50 entities and had evidence they
were committed by the same Tehran-based group that was behind a
previously reported 2013 cyber attack on a U.S. Navy network.
A Pemex spokesman said the company had not detected any
attacks from the Iranian groups but was constantly monitoring.
Officials at the other companies were not immediately available
to comment.
A diplomatic representative for Iran said Cylance's claim
was groundless. "This is a baseless and unfounded allegation
fabricated to tarnish the Iranian government image, particularly
aimed at hampering current nuclear talks," said Hamid Babaei,
spokesman for Iran's mission to the United Nations.
Reuters was unable to independently vet the research ahead
of its publication. Cylance said it has reported the alleged
hacking operation to some victims as well as to the U.S. Federal
Bureau of Investigation. An FBI spokesman declined comment.
Cylance's research provides a new example of how governments
may be using cyber technology as a tool for spying and staging
attacks on rival states.
Russian and Chinese hackers have been blamed for a variety
of corporate and government cyber attacks, while the United
States and Israel are believed to have used a computer worm to
slow development of Iran's nuclear program.
Tehran has been investing heavily in its cyber capabilities
since 2010, when its nuclear program was hit by the Stuxnet
computer virus, widely believed to have been launched by the
United States and Israel. Iran has said its nuclear program is
intended for the production of civilian electricity, and denies
Western accusations it is seeking to build a nuclear bomb.
Cylance said the Iranian hacking group has so far focused
its campaign - dubbed Operation Cleaver - on intelligence
gathering, but that it likely has the ability to launch attacks.
It said researchers who succeeded in gaining access to some
of the hackers' infrastructure found massive databases of user
credentials and passwords, diagrams, and screenshots from
organizations including energy, transportation, and aerospace
companies, as well as universities.
It would not be the first time Saudi Aramco has been
targeted by hackers. In 2012, some 30,000 computers at the oil
company were infected by a virus known as Shamoon, in one of the
most destructive such strikes conducted against a single
business. Some U.S. officials have said they believe Iran was
behind that attack.
Cylance said its researchers also obtained hundreds of files
apparently stolen by the Iranian group from the U.S. Navy's
Marine Corps Intranet (NMCI). U.S. government sources had
confirmed that Iran was behind the 2013 NMCI breach, but did not
provide further details.
A U.S. defense official said on Monday it took about four
months to "maneuver the (NMCI) network" to ensure that it was
free of intruders. The official said that while the incident was
officially characterized as a "serious intrusion," no networks
were damaged as a result of the breach.
Cylance said ten companies targeted in Operation Cleaver
were U.S.-based.
Cylance's report is the latest to show evidence of Iranian
hacking of U.S. interests. Cyber security firm FireEye Inc
in May said that an Iranian hacking group was behind a
series of attacks on U.S. defense companies.
The cyber intelligence firm iSight Partners also reported in
May that it had uncovered an unprecedented, three-year campaign
in which Iranian hackers had created false social networking
accounts and a bogus news website to spy on leaders in the
United States, Israel and other countries.
