Operation Cleaver — Iranian Hackers Targeting Critical Infrastructure Worldwide

2014-12-04T21:22:00
ID THN:B00DAFF01A8AEFACA856DA85D568CB16
Type thn
Reporter Swati Khandelwal
Modified 2014-12-05T08:22:42

Description


For over the past two years, Iranian hackers have infiltrated the computer networks of some of the world's top organizations, including airlines, defense contractors, universities, military installations, hospitals, airports, telecommunications firms, government agencies, and energy and gas companies, security researchers said.

An 87-page report published by the U.S. cyber security firm Cylance says Iranian state-sponsored hackers have hacked critical infrastructure of more than 50 organizations in 16 countries worldwide in a cyber-espionage campaign that could allow them to eventually cause physical damage. Among the targeted organizations, ten are reportedly based in the United States.

The threat-detection firm dubbed the campaign "Operation Cleaver," which was aimed at gathering data from various agencies. The group reportedly stole highly sensitive information and took control of networks in Canada, China, England, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey, the United Arab Emirates, and the U.S.

But what could be the exact motive of the Iranian hackers behind Operation Cleaver? Cylance suspects it is revenge against the US and Israel for developing the Stuxnet worm that infected Iran's nuclear program years ago, and for launching espionage campaigns using the Flame and Duqu malware.

In Operation Cleaver, the group uses its own custom software to hack critical infrastructure and extract highly sensitive, confidential information from victims. They use SQL injection, spear phishing, watering-hole attacks and other methods to compromise the networks.

> "We believe that if the operation is left to continue unabated, it is only a matter of time before the world's physical safety is impacted by it," the report said. "While the disclosure of this information will be a detriment to our ability to track the activity of this group, it will allow the security industry as a whole to defend against this threat."

According to the security researchers at the firm, the group has so far focused only on gathering intelligence, but it has the ability to launch cyber-attacks on its targets as well.

The research firm didn't name the individual companies, but a Reuters source listed corporations that include California power company Calpine Corp, Saudi Arabia's petroleum and gas company Aramco, Mexican state-owned Petroleos Mexicanos (Pemex), Qatar Airlines and Korean Air.

However, Iranian spokesperson Hamid Babaei has denounced Cylance's report as a "baseless and unfounded allegation fabricated to tarnish the Iranian government image, particularly aimed at hampering current nuclear talks."

The Iranian hacking group has collected a lot of information so far, according to researchers who managed to gain access to some of the hackers' infrastructure, finding "massive databases of user credentials and passwords, diagrams, and screenshots from organizations including energy, transportation, and aerospace companies, as well as universities."

> "During intense intelligence gathering over the last 24 months, we observed the technical capabilities of the Operation Cleaver team rapidly evolve faster than any previously observed Iranian effort. As Iran's cyber warfare capabilities continue to morph, the probability of an attack that could impact the physical world at a national or global level is rapidly increasing," the report said.