Iran improves ability to pull off cyber-attacks on US, report finds
Hackers in Iran are a rising cyber-threat to the United States, as cyber-espionage attacks directed at American energy companies and state governments over the past year have made clear, a new report finds.
Russia and China remain the most serious nation-state cyber-threats facing the US, but Iran is coming on quickly, says the latest Mandiant M-Trends Threat Report released by parent company FireEye earlier this month.
“Mandiant has investigated multiple incidents of what we suspect is Iran-based network reconnaissance activity,” says the report, released April 10. “The majority of these incidents targeted the energy sector, although we have also seen these threat actors target the networks of several US state government agencies.”
In the case of one state agency, Iranian hackers “maintained local administrative access” and infected about one-quarter of the agency’s computer systems with malware, Mandiant reports. Along the way, hackers stole more than 150 gigabytes of network diagrams, user passwords, and other data.
Overall, the malicious software used in the Iranian cyber-attacks did not show great sophistication, the report said. Unlike Russian and Chinese adversaries, Iranian hackers are mostly using standard tools available on the black market. But that’s almost beside the point, it noted.
“Although we do not believe these suspected Iran-based actors are particularly capable now, nothing stands in the way of them testing and improving their capabilities,” the report said. “The US and other nation-states’ increasingly public discussions of their offensive cyber capabilities might very well encourage other interested actors to develop and test their own skills.”
Iran’s capabilities are believed to be growing rapidly, thanks to ample funding from its government and easy access to Russian, Chinese, and black market cyber-tools and expertise, other cyber experts agree.
“They’ve put in place the structures, strategy – and have acquired software tools from the black market,” James Lewis, a cyber expert with the Center for Strategic and International Studies, concurred in a recent interview. “They have groups whose job it is to hack.”
There’s also the undeniable aggressiveness. Iran is widely credited with carrying out damaging cyber-attacks on oil and gas company computers in Saudi Arabia and Qatar in August 2012. A spate of intense distributed denial of service (DDoS) attacks against US banks began in fall 2012, running for about a year before inexplicably petering out.
The cessation of attacks on US banks might be a shift dictated by Iranian authorities eager to smooth international talks over Iran’s presumed nuclear weapons development program, some experts say. But Iran could become more aggressive if it isn’t happy with the outcome of the talks, they note.
“Although the suspected Iran-based threat actors that Mandiant has observed appear to be less sophisticated than other threat actors, they pose an ever increasing threat due to Iran’s historical hostility towards US business and government interests,” the report said.
“It’s that willingness to display belligerence in the cyber realm that sets Iran apart,” Jen Weedon, a manager in the threat intelligence division at Mandiant, told the Monitor in a March interview.