Iranian Hackers targeting US utilities and infrastructure

Last updated on Jan 12, 2020

Posted on Jan 12, 2020

As US-Iran tensions grow, Iran is targeting the US in unexpected ways. One of the fears was that it would use its hacking capabilities, and that is now happening. Its operators do not yet have the skill or the inside knowledge needed to take over the electrical grid in the US, but they are working to get there. Password-spraying attacks on US utilities and oil and gas companies have increased.

On Thursday morning, industrial control system security firm Dragos detailed newly revealed hacking activity that it has tracked and attributed to a group of state-sponsored hackers it calls Magnallium. The same group is also known as APT33, Refined Kitten, or Elfin, and has previously been linked to Iran. Dragos says it has observed Magnallium carrying out a broad campaign of so-called password-spraying attacks, which guess a set of common passwords for hundreds or even thousands of different accounts, targeting US electric utilities as well as oil and gas firms.  Source: Iranian Hackers Have Been ‘Password-Spraying’ the US Grid | WIRED
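The distinguishing feature of the spraying described above is its shape in the logs: one source tries a handful of common passwords against many accounts, staying below the per-account lockout threshold that stops an ordinary brute-force attempt. The detector below is an added example written for this post; it is not code from Dragos, WIRED, or any of the utilities mentioned. It parses constructed OpenSSH-style "Failed password" lines (sample data, not real logs), and the window and threshold values are assumptions to be tuned against real authentication volume.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in sshd "Failed password" format; not real log data.
# 203.0.113.7 makes one or two guesses against many accounts (a spray);
# 198.51.100.3 hammers a single account (classic brute force, not a spray);
# 192.0.2.10 is a lone failure that should trip neither detector.
SAMPLE_LOG = """\
Jan 12 08:00:01 vpn-gw sshd[4242]: Failed password for alice from 203.0.113.7 port 51000 ssh2
Jan 12 08:00:03 vpn-gw sshd[4242]: Failed password for bob from 203.0.113.7 port 51001 ssh2
Jan 12 08:00:05 vpn-gw sshd[4242]: Failed password for invalid user carol from 203.0.113.7 port 51002 ssh2
Jan 12 08:00:07 vpn-gw sshd[4242]: Failed password for dave from 203.0.113.7 port 51003 ssh2
Jan 12 08:00:09 vpn-gw sshd[4242]: Failed password for erin from 203.0.113.7 port 51004 ssh2
Jan 12 08:00:11 vpn-gw sshd[4242]: Failed password for frank from 203.0.113.7 port 51005 ssh2
Jan 12 08:00:13 vpn-gw sshd[4242]: Failed password for alice from 203.0.113.7 port 51006 ssh2
Jan 12 08:01:00 vpn-gw sshd[4242]: Failed password for root from 198.51.100.3 port 40000 ssh2
Jan 12 08:01:02 vpn-gw sshd[4242]: Failed password for root from 198.51.100.3 port 40001 ssh2
Jan 12 08:01:04 vpn-gw sshd[4242]: Failed password for root from 198.51.100.3 port 40002 ssh2
Jan 12 08:01:06 vpn-gw sshd[4242]: Failed password for root from 198.51.100.3 port 40003 ssh2
Jan 12 08:01:08 vpn-gw sshd[4242]: Failed password for root from 198.51.100.3 port 40004 ssh2
Jan 12 08:01:10 vpn-gw sshd[4242]: Failed password for root from 198.51.100.3 port 40005 ssh2
Jan 12 08:30:00 vpn-gw sshd[4242]: Failed password for alice from 192.0.2.10 port 33000 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)
LOG_YEAR = 2020  # syslog timestamps carry no year; assumed for the constructed sample


def parse_failures(text):
    """Return (timestamp, user, source) tuples for each failed-login line, oldest first."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an authentication failure; ignored
        ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["user"], m["src"]))
    events.sort()
    return events


def detect_password_spray(events, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Flag sources that, within `window`, fail against at least `min_users` distinct
    accounts while never exceeding `max_per_user` attempts on any single account.
    Few attempts per account is exactly what keeps a spray under lockout thresholds,
    so a per-account counter alone never sees it; grouping by source does."""
    by_src = defaultdict(list)
    for ts, user, src in events:
        by_src[src].append((ts, user))
    alerts = {}
    for src, evs in by_src.items():  # evs is already time-ordered
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            per_user = Counter(u for _, u in evs[start:end + 1])
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                alerts[src] = {"accounts": sorted(per_user),
                               "start": evs[start][0], "end": evs[end][0]}
    return alerts


def detect_single_account_brute_force(events, window=timedelta(minutes=10), min_attempts=5):
    """Flag (source, account) pairs with many failures on one account inside `window`:
    the pattern a per-account lockout catches, and the one a spray deliberately avoids."""
    by_key = defaultdict(list)
    for ts, user, src in events:
        by_key[(src, user)].append(ts)
    hits = {}
    for key, stamps in by_key.items():
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1
            if end - start + 1 >= min_attempts:
                hits[key] = end - start + 1
    return hits


def analyse(text):
    """Run both detectors over a log text and return their findings."""
    events = parse_failures(text)
    return {"spray": detect_password_spray(events),
            "brute_force": detect_single_account_brute_force(events)}


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    for src, info in result["spray"].items():
        print(f"password spray from {src}: {len(info['accounts'])} accounts "
              f"between {info['start']:%H:%M:%S} and {info['end']:%H:%M:%S}")
    for (src, user), n in result["brute_force"].items():
        print(f"brute force from {src} against {user}: {n} failures")
```

On the sample, only 203.0.113.7 is reported as a spray (six accounts, no more than two tries each) and only the root attempts from 198.51.100.3 as single-account brute force; the lone failure from 192.0.2.10 is reported by neither. On a real VPN or identity gateway the same logic applies to the vendor's authentication-failure events, and the source key is often better taken from an ASN or a set of IP ranges, since a spray spread across many addresses is the obvious way to slip under a per-IP threshold.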

Iran has been carrying out password-spraying and VPN hacking for a long time. It has previously breached some electrical utilities and has now also breached Bahrain's national oil company Bapco, exploiting VPN vulnerabilities in the company's network. A Devco report now says that Palo Alto Networks products have similar VPN vulnerabilities that could be exploited.

Just because we do not yet know of any breach does not mean that nothing has already been breached. Their efforts have been going on for a while.

They don’t have to turn off the lights.  They simply have to incapacitate a company.

John Hultquist, the director of intelligence at security firm FireEye, which has tracked Magnallium for years under the name APT33, warns that its intrusions have frequently led to less sophisticated but nonetheless crippling acts of disruption. The group has been tied to cyberattacks that have destroyed thousands of computers, so-called wiper malware operations that have hit Iran’s adversaries across the Gulf region. They may not be able to turn out the lights, but they could simply destroy an electric utility’s computer network.

The battle is therefore far bigger and wider than just the one being fought in the Gulf.
