A previously unknown hacking group believed to be based inIranhas started cyber attacks inside the U.S., according to Mandiant Corp., a security company thats linked Chinas army to similar activity.The Iranian group emerged within the last six months and has infiltrated the networks of at least one U.S. corporation, Richard Bejtlich, Mandiants chief security officer, said in an interview in Washington today.
Youre starting to see the Iranians get more active, Bejtlich said. Weve got at least one case where we think its Iran, and we think what they are doing is trying to gain some experience on a live network.
Bejtlichs observation backs assertions by U.S. politicians including Representative Mike Rogers, a Michigan Republican and chairman of the House Intelligence Committee, that Iranian groups are behind recent cyber attacks.
Closely held Mandiant, based in Alexandria,Virginia, released a report in February concluding Chinas Peoples Liberation Army may be behind the hacking of at least 141 companies worldwide since 2006.
Mandiant is investigating the new groups tactics and hasnt concluded its backed by Irans government, Bejtlich said. We dont know if its the government, he said. We dont know if theyre patriotic hackers.
The groups motivation isnt clear, and Bejtlich wouldnt name the U.S. company that has been infiltrated or what industry is involved.
We havent seen these guys before, Bejtlich said. They are working their way through a network trying to figure out where can they go; who will find them; who will stop them.
Growing Threat
Allegations that the Iranian government is behind cyber attacks are baseless, Alireza Miryusefi, a spokesman for the country, said in an e-mailed statement. Iran has been repeatedly targeted in hacking attacks sponsored by other governments and wants an international legal framework to address issues surrounding cyber warfare, he said.
Mandiant tracks about two dozen groups considered to be the most aggressive attackers, known as advanced persistent threats. The majority of the groups are based inChinawhile others are Russian or Eastern European, Bejtlich said.
Bejtlich said he is increasingly worried about cyber attacks escalating from espionage to sabotage, or the destruction of computer systems.
Persistent Attacks
No ones been talking about that previously, he said. What I worry about is that someones going to make a decision to do that and either not think through the consequences or understand the consequences, or even care about the consequences.
The House has passed legislation, H.R. 624, that would encourage information sharing about threats between the government and private sector.
Bejtlich said information sharing alone wont stop cyber attacks. The group in China identified in Mandiants February report continues its attacks, for example, he said.
There are plenty of sites that are still being attacked by the same group using the same methods and the same infrastructure, Bejtlich said. Its clear that even when you make information completely free and just available for download, its not going to solve the worlds problems.
He said legislation is needed clarifying that companies can protect their networks from attacks, and businesses need to remain vigilant.
We respond to companies that are armed like Fort Knox and it didnt make a difference, he said. If youre a sufficiently juicy target, they will find their way in no matter what you have.
By Bloomberg
The Iran Project is not responsiblefor the content of quoted articles.
