Critical Infrastructure compromised by Iran

The attacks have collectively been dubbed Operation Cleaver after a string found in various malware tools used by the hacker group, which is believed to operate primarily out of Tehran.

“We discovered over 50 victims in our investigation, distributed around the globe,” said researchers from IT security firm Cylance in an extensive report released Tuesday. “Ten of these victims are headquartered in the US and include a major airline, a medical university, an energy company specializing in natural gas production, an automobile manufacturer, a large defense contractor, and a major military installation.”

Other victims were identified in Canada, China, England, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey and the United Arab Emirates.

The attackers used publicly available attack tools and exploits, as well as specialized malware programs they created themselves. Cylance believes the team consists of at least 20 hackers and developers who support Iranian interests and were probably recruited from the country’s universities.

“The infrastructure utilized in the campaign is too significant to be a lone individual or a small group,” the Cylance researchers said. “We believe this work was sponsored by Iran.”

The type of access the hackers obtained inside various organizations and the data they stole varied widely. In the case of universities, they targeted research data, student information, student housing, as well as identifying information, pictures and passports. In the case of critical infrastructure companies, they stole sensitive information that could allow them or affiliated organizations to sabotage industrial control systems and SCADA (supervisory control and data acquisition) environments, the Cylance researchers said.

No evidence of such sabotage by the group exists so far, but Cylance believes this could be the campaign’s end goal, as retaliation by Iran for the Stuxnet, Duqu and Flame malware attacks. Stuxnet, which is viewed as the world’s first cyberweapon, is believed to have been created by the U.S. and Israel to sabotage Iran’s uranium enrichment efforts and set back its nuclear program.

“Perhaps the most bone-chilling evidence we collected in this campaign was the targeting and compromise of transportation networks and systems such as airlines and airports in South Korea, Saudi Arabia and Pakistan,” the Cylance researchers said. “The level of access seemed ubiquitous: Active Directory domains were fully compromised, along with entire Cisco Edge switches, routers, and internal networking infrastructure.”

“They achieved complete access to airport gates and their security control systems, potentially allowing them to spoof gate credentials,” the researchers said. “They gained access to PayPal and Go Daddy credentials allowing them to make fraudulent purchases and allowed unfettered access to the victim’s domains. We witnessed a shocking amount of access into the deepest parts of these companies and the airports in which they operate.”

John Kerry wants to make a deal with these people.

I guess we know now why he was so anxious to give them a six month extension on the nuke talks.

Nah, the Obama Administration wouldn’t allow themselves to be blackmailed, would they?

October Black Swan Roundup

1) Stuxnet is “Something Big”
How Stuxnet is Scaring the Tech World Half to Death

To date, no one knows exactly what Stuxnet was doing in the Siemens PLC. “It’s looking for specific things in specific places in these PLC devices,” Digital Bond CEO Dale Peterson told PC World. “And that would really mean that it’s designed to look for a specific plant.” Tofino Security Chief Technology Officer Eric Byres was even more ominous, saying, “The only thing I can say is that it is something designed to go bang.”

2) Massive Mortgage Mess

CNBC’s Diana Olick, who is by far the company’s best (and only) investigative reporter, confirms various so far unfounded rumors that the government is planning to institute a 90-day foreclosure moratorium as it deals with the realization of just how big and pervasive the mortgage problem is, and even worse, will soon be.

3) Consumer bankruptcies at 1.6M run rate

Good thing that recession thingy is over.

September consumer bankruptcy filings once again are on the rise, with the monthly total hitting 130,329, 4.4% higher than the prior month. Overall, YTD bankruptcies of 1,046,449 are 11% higher compared to the same period last year, as America revels in its newly found post-recession reality by going straight to bankruptcy go and not passing go. As Dow Jones reports, “the bankruptcy filings so far in 2010 represent the highest total since 2005” and are on track to hit a record 1.6 million by the end of the year.
