FBI Warns US Businesses Of Potential Iranian Hacker Activity

Chuck Bednar for redOrbit.com – Your Universe Online
A confidential US Federal Bureau of Investigation (FBI) report is warning American businesses about a sophisticated Iranian hacking operation targeting airlines, defense contractors, energy firms and educational institutions.
According to Jim Finkle of Reuters, the activity was first discovered earlier this month by cyber security firm Cylance, which said that those involved were targeting critical infrastructure organizations all over the globe. The company said that it had already discovered over 50 victims in 16 countries, including the US, in what is known as “Operation Cleaver.”
The new FBI “flash” report, which Reuters said it had seen on Friday, provides technical details about malware and various other techniques used in the attacks, as well as advice on how to best deal with the hackers. It also asked organizations to contact the bureau if they believed that they were victims of the Iranian hacking campaign.
While the FBI did not offer additional details, Cylance chief executive Stuart McClure told reporters that the agency’s warning suggested that Operation Cleaver might have been a larger-scale endeavor than its own research had previously indicated. He added that it “underscores Iran’s determination and fixation on large-scale compromise of critical infrastructure.”
Finkle said that the FBI technical documents indicate that the hackers typically launch attacks from two IP addresses located in Iran, but did not specifically claim that the country’s government was behind the activity. Cylance said that it believes that the Tehran regime is behind Operation Cleaver, but officials there deny those accusations.
According to the Daily Mail, experts state that Iran has been investing heavily in its cyber capabilities since its nuclear program was hit by the Stuxnet computer virus in 2010. Dave Kennedy, CEO of TrustedSEC, said that those efforts have turned the country into “a serious threat” with “a lot of talent” in the field. According to Menchie Mendoza of Tech Times, the country is believed to have already been responsible for several attacks.
“In February, the group was believed to be responsible for the devastating attack on Las Vegas Sands Corp, a casino operating business,” Mendoza said. “The attack shut down thousands of servers, which had been wiped with destructive malware. The hackers later admitted that the attack was meant to punish Sheldon Adelson, Sands CEO, after he made comments about a plan to detonate a nuclear bomb in Iran.”
While no one has officially claimed responsibility for developing the Stuxnet trojan virus, it has frequently been reported that the US and Israel commissioned its development in order to attack Iran. Evidence has suggested that whoever is behind the malware program may have started work on it as early as 2005, five years before it was first deployed, and that it was likely developed by people hired by an outside organization and not a vengeance-seeking band of hackers.
In November, the same researchers at security firm Symantec that first discovered Stuxnet reported on a new, similar type of trojan that they believe has been used to spy on governments, companies and researchers for more than six years. The origins of the program, which has been identified as Regin, are unknown, but Symantec said that nearly 100 infections involving the cyber-espionage tool had been discovered as of November 24, 2014.