Iranian hackers infiltrated government networks, airlines and oil and gas firms in four GCC states during a two-year campaign targeting critical infrastructure around the world, according to a new report by a US cybersecurity firm.
State-controlled oil company Saudi Aramco and Qatar Airways were among the specific targets of what the report, by Cylance, called “Operation Cleaver”, a person close to the report told Reuters.
Iran also attacked the military, aviation, energy and transportation sectors of countries including the UAE and Kuwait. Cylance also backed US claims that Iran was responsible for a 2012 attack on the corporate computer systems and website of Saudi oil giant Aramco and Qatar’s RasGas, which caused the companies to temporarily shut down.
Aerospace firms, airports and airlines, universities, energy firms, hospitals, and telecommunications operators based in the United States, Israel, China, Saudi Arabia, India, Germany, France and England have also been hit by the campaign, Cylance said, without naming individual companies.
The firm said the campaign showed Iran’s increasing ability to hack sophisticated systems that could allow it to eventually cause physical damage.
“We believe that if the operation is left to continue unabated, it is only a matter of time before the team impacts the world’s physical safety,” Cylance said.
“As Iran’s cyber warfare capabilities continue to morph, the probability of an attack that could impact the physical world at a national or global level is rapidly increasing.
“Iran is no longer content to retaliate against the US and Israel alone. They have bigger intentions: to position themselves to impact critical infrastructure globally.”
The Iranian government has denied the report’s allegations.
“This is a baseless and unfounded allegation fabricated to tarnish the Iranian government image, particularly aimed at hampering current nuclear talks,” a spokesman for Iran’s mission to the United Nations, Hamid Babaei, told Reuters.
The Cylance report does not detail motives for the specific attacks but suggests that Iran is attempting to gain leverage in its ongoing discussions surrounding the end of its nuclear program.
Tehran has been investing heavily in its cyber capabilities since 2010, when its nuclear program was hit by the Stuxnet computer virus, widely believed to have been launched by the US and Israel. Iran has said its nuclear program is intended for the production of civilian electricity, and denies Western accusations it is seeking to build a nuclear bomb.
Cylance said the Iranian hacking group has so far focused its campaign on intelligence gathering, but that it likely has the ability to launch attacks.
It said researchers who succeeded in gaining access to some of the hackers' infrastructure found massive databases of user credentials and passwords, diagrams, and screenshots from organizations including energy, transportation, and aerospace companies, as well as universities.