This is the second episode related to Cyber Iran, you can find the first one here.
The most famous attack and the one that should be recognized as a cornerstone in the cyberwars between different nations and Iran is the dam cyberattack that happened in 2013, and we covered it during the first podcast in this series.
Even though the attack failed because the attackers weren’t professional enough, it still was worrying enough that it became the first time the president of the US officially and publicly accused Iran of executing a state-sponsored offensive cyberattack.
After Barack Obama accused Iran publicly, cyber incidents started to gain more exposure from the government side.
Fire Eye, the security firm, have been tracking a group of hackers they called APT33, and estimate that this group is affiliated with the Iranian government and is very active.
Recent attack that was affiliated with Iran happened in January 2019, Microsoft has detected cyberattacks linked to Iranian hackers that targeted thousands of people in more than 200 companies over the past two years.
The motives of the Iran-affiliated cyberattacks on the US seems to be split between knowledge theft and a foundation for the execution of future cyber campaigns (such as ransom).
Good example from recent years was covered in the first podcast of this series, in March 2018 when the U.S Department of Justice Charged Nine Iranians with conducting massive Cyber Theft campaigns on behalf of the Islamic Revolutionary Guard Corps. The Mabna Institute hackers penetrated systems belonging to hundreds of Universities, Companies, and other victims to steal research, academic Data, proprietary data, and Intellectual Property.
The US Attorney general said that an estimated 30 terabytes was removed from universities since the attack began, which is a rough equivalent of 8 billion double-sided pages of text. It is hard to quantify the value on the research and information that was taken from victims but it is estimated to be in the billions of dollars.
They not only stole the information, they also wiped out the servers and made sure no other copies were left after taking it.
The latest trend of state Iranian hackers that was identified by security experts is that the they changed their tactics when it was related to state-sponsored hacking. Instead of targeting specific people or specific businesses, they try to gain control over the service providers, for example, gaining the data of a hosting service provider which contains all the credentials needed to access the different sites. Or changing root DNS servers to redirect traffic through their own network, so they can spoof the traffic.
The idea behind those attacks is to aim at targets who hold databases or other archives of knowledge, so each successful attack will achieve much more datat or profit.
Some of the latest cyberattacks that were affiliated with Iran have been found to contain traces of Chinese tools used for the attacks.
While there is no visible link between Iran and China regarding state-sponsored cyberattacks, it seems that some offensive activities that are carried out by the Iranians are based on tools originating from China.
In this podcast, we focused on offensive cyberattacks carried out by Iran against the outside world,
In the upcoming episodes, we will continue to explore different angels.
All the information is information available publicly on the internet.
Don’t forget to visit www.cybercure.ai for the latest podcasts and cyber intelligence.