For at least two years, Iranian hackers have penetrated the computer networks of government agencies and major energy, transportation and infrastructure companies in the United States and 15 other countries, a security-services firm reports.
The intruders have stolen "highly sensitive materials" from at least 50 firms worldwide, including 10 U.S. companies, according to Cylance, based in Irvine, Calif.The firm warns that "the probability of an attack that could impact the physical world at a national or global level is rapidly increasing."
Hamid Babaei, spokesman for Iran's U.N. mission, told Reuters that the report was "a baseless and unfounded allegation fabricated to tarnish the Iranian government image, particularly aimed at hampering current nuclear talks."
Dubbed "Operation Cleaver," the effort has "successfully leveraged both publicly available and customized tools to attack and compromise targets around the globe," thethe 87-page report claims.
"During intense intelligence gathering over the last 24 months, we observed the technicalcapabilities of the Operation Cleaver team rapidly evolve faster than any previously observedIranian effort," the report states.
Targets have included "military, oil and gas, energy and utilities, transportation, hospitals, telecommunications, technology, education, aerospace, defense contractors, chemical, companies, and governments."
Besides the United States, the hackers have hit firms and agencies in Canada, China, England, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey and the United Arab Emirates, Cylance claims.
The report did not name companies. A person familiar with the researchtoldReuters that U.S. energy producerCalpine Corp. was among them. Others identified but not confirmed include Saudi Aramco and Petroleos Mexicanos, along with Qatar Airlines and Korean Air.
The effort isbelieved to be based in Tehran, with assistance coming from others inthe Netherlands, Canada and the U.K. Cylance said evidence indicates the same group carried out a 2013 attack on a U.S. Navy network.
So far, the Cylancereportstates, the intrusions have "successfully evaded detection by existing security technologies." It did not explain how it determined the intrusions were occurring or indicate what data were stolen.
A computer worm known as Stuxnet, reportedly created by the United States and Israel, briefly disrupted Iran's uranium-enrichment activity in 2010. Two years later, Iran reported stopping another cyberattack, which targeted a power plant and other industries in the country's south.