While the US Cyber Command has been focusing on the Chinese, North Koreans, and the Russians, and their respective intrusions into the networks of US companies, energy utilities, our military, and government agencies, Iran has been creating a world-class cyber-ops unit of its own. Details about what is being called “Operation Cleaver” have been released by security company Cylance.
The Iranian Cyber Army started operations in the early 2000s. It has transformed from a small group that focused on political website defacements, denial-of-service attacks, and other low-level cyber-operations into a potent, world-class cyber operations unit.
Partly as revenge for the joint US/Israeli “Olympic Games” operation involving Stuxnet, Flame, and Duqu malware exploits, Iranian cyber-operations assets have been attacking US and other Western resources since at least 2012.
An example of Iran’s improved capabilities was demonstrated in 2012’s Shamoon campaign, which attacked RasGas and Saudi Aramco. Shamoon caused the physical destruction of hard drives in over 30,000 computers, and remediation cost tens of thousands of hours and millions of dollars.
Iran followed up with Operation Ababil in 2012 and 2013, a denial-of-service operation targeting banks in the United States. Then Iran hacked into US Navy Marine Corps Intranet computers worldwide, and launched a sustained barrage against Israeli power, water, and banking computer systems in 2013. An espionage campaign named Operation Saffron Rose and the watering-hole attack Operation Newscaster were launched in 2014.
With Operation Cleaver, Iranian cyber-warriors have set up a world-wide network penetration and surveillance program. They have breached networks, established a persistent foothold in servers and other equipment, and exfiltrated sensitive information from governments and critical infrastructure operators.
Countries affected include the United States, Canada, Mexico, England, France, Germany, India, China, South Korea, Israel, Kuwait, Pakistan, Qatar, Saudi Arabia, Turkey, and the United Arab Emirates. The targeted organizations include governments, militaries, oil and gas production and transportation, energy and utilities, electrical transmission, transportation, airlines, airports, hospitals, telecommunications and Internet, technology, education, aerospace, defense industries, and chemical companies.
The Cylance whitepaper runs to 86 pages, which makes it a long read, but if you are running computer operations in one of the targeted industrial sectors, you ought to put it at the top of your reading list. It contains lots of very specific indicators of compromise, details about the cyber tools used, and even the names of some of the Iranian team members.
- Cylance whitepaper
- Wyzguys Cyber-war Archive – Read our previous articles on cyber-war
- Wikipedia – Operation Cleaver