A wave of panic rippled through the Navy's administration when it was discovered last year that Iranian hackers had breached its computer systems. Unfortunately, it was not an isolated incident. According to a new report from Cylance, a U.S. security firm, a team of hackers believed to be Iranian has infiltrated some of the world's most important energy, transport, and infrastructure companies over the past two years.
“Global critical infrastructure organizations need to take this threat seriously,” said Mark Weatherford, the U.S. Department of Homeland Security’s Former Deputy Under Secretary for Cybersecurity. “The Iranian adversary is real and they’re coming, if not already here.”
Cylance dubbed the team "Tarh Andishan", a Persian name that translates to "thinkers" or "innovators". The group uses a steadily evolving set of techniques to attack aerospace firms, airports and airlines, universities, energy firms, hospitals, and telecommunications operators.
The group has stolen information from, and compromised systems at, unnamed companies based in the United States, Canada, Great Britain, China, Israel, Saudi Arabia, India, Germany, France, the United Arab Emirates, and Qatar.
“Iran should be considered a first-tier cyber power,” said Gabi Siboni, a cybersecurity expert with the Israel Institute for National Security Studies.
The good news, Cylance reports, is that the team has not compromised any "critical" infrastructure, meaning it is not in a position to shut down New York City's power grid or anything comparable any time soon.
The bad news is that, if left unchecked, the intrusions will progress to the point where the group can affect physical safety. Airport security systems have already been compromised, and the physical security that depends on those systems was breached along with them.
Although Cylance presents a compelling case that Tarh Andishan is an Iranian group, the evidence is circumstantial; there is no smoking gun yet. All of the attacks were conducted from Iranian IP addresses, and the same addresses have been linked to previous attacks on anti-government Iranian websites. IP addresses on their own are weak evidence, since attack infrastructure can be rented, proxied, or chosen deliberately to mislead investigators. Perhaps most compelling of all, one of Tarh Andishan's custom tools had a built-in check that warned its operator if the machine's public IP address geolocated to Iran, a safeguard that is only useful to someone trying to avoid appearing Iranian.
At the same time, it could be a group elsewhere in the world trying to frame Iran. Without conclusive evidence, Tarh Andishan could belong to any other nation looking to steal and trade military secrets.
Naturally, Iran has denied such claims.
"This is a baseless and unfounded allegation fabricated to tarnish the Iranian government image, particularly aimed at hampering current nuclear talks," Iranian spokesperson Hamid Babaei told Reuters.
The group's origin certainly matters, since it shapes the group's political ideology and helps reveal its motivations and strategy, but the more pressing point is that the group is active now and must be defended against.
Cylance said, “We believe that if the operation is left to continue unabated, it is only a matter of time before the team impacts the world’s physical safety.”