Report: Iran hacking key U.S., global firms

For at least two years, Iranian hackers have penetrated the computer networks of government agencies and major energy, transportation and infrastructure companies in the United States and 15 other countries, a security-services firm reports.

The intruders have stolen “highly sensitive materials” from at least 50 firms worldwide, including 10 U.S. companies, according to Cylance, based in Irvine, Calif. The firm warns that “the probability of an attack that could impact the physical world at a national or global level is rapidly increasing.”

Hamid Babaei, spokesman for Iran’s U.N. mission, told Reuters that the report was “a baseless and unfounded allegation fabricated to tarnish the Iranian government image, particularly aimed at hampering current nuclear talks.”

Dubbed “Operation Cleaver,” the effort has “successfully leveraged both publicly available and customized tools to attack and compromise targets around the globe,” the 87-page report claims.

“During intense intelligence gathering over the last 24 months, we observed the technical capabilities of the Operation Cleaver team rapidly evolve faster than any previously observed Iranian effort,” the report states.

Targets have included “military, oil and gas, energy and utilities, transportation, hospitals, telecommunications, technology, education, aerospace, defense contractors, chemical companies, and governments.”

Besides the United States, the hackers have hit firms and agencies in Canada, China, England, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey and the United Arab Emirates, Cylance claims.

The report did not name companies. A person familiar with the research told Reuters that U.S. energy producer Calpine Corp. was among them. Others identified but not confirmed include Saudi Aramco and Petroleos Mexicanos, along with Qatar Airlines and Korean Air.

The effort is believed to be based in Tehran, with assistance coming from others in the Netherlands, Canada and the U.K. Cylance said evidence indicates the same group carried out a 2013 attack on a U.S. Navy network.

So far, the Cylance report states, the intrusions have “successfully evaded detection by existing security technologies.” It did not explain how it determined the intrusions were occurring or indicate what data were stolen.

A computer worm known as Stuxnet, reportedly created by the United States and Israel, briefly disrupted Iran’s uranium-enrichment activity in 2010. Two years later, Iran reported stopping another cyberattack, which targeted a power plant and other industries in the country’s south.

By USA Today

