
Iranian hackers wage cyber campaign

Published: Sunday | June 23, 2019 | 12:29 AM
In this Thursday, August 31, 2017, file photo, a flame burns at the Shell Deer Park oil refinery in Deer Park, Texas.

WASHINGTON (AP):

Iran has increased its offensive cyberattacks against the United States government and critical infrastructure as tensions have grown between the two nations, cybersecurity firms say.

In recent weeks, hackers believed to be working for the Iranian government have targeted US government agencies, as well as sectors of the economy, including oil and gas, sending waves of spear-phishing emails, according to representatives of cybersecurity companies CrowdStrike and FireEye, which regularly track such activity.

It was not known if any of the hackers managed to gain access to the targeted networks with the emails, which typically mimic legitimate emails but contain malicious software.

The cyber offensive is the latest chapter in the ongoing cyber operations that the US and Iran have aimed at each other, with this recent sharp increase in attacks occurring after the Trump administration imposed sanctions on the Iranian petrochemical sector this month.

Tensions have escalated since the US withdrew from the 2015 nuclear deal with Iran last year and began a policy of “maximum pressure”. Iran has since been hit by multiple rounds of sanctions. Tensions spiked this past week after Iran shot down an unmanned US drone - an incident that nearly led to a US military strike against Iran on Thursday evening.

“Both sides are desperate to know what the other side is thinking,” said John Hultquist, director of intelligence analysis at FireEye. “You can absolutely expect the regime to be leveraging every tool they have available to reduce the uncertainty about what’s going to happen next, about what the US’s next move will be.”

CrowdStrike shared images of the spear-phishing emails with The AP.

One such email that was confirmed by FireEye appeared to come from the Executive Office of the President and seemed to be trying to recruit people for an economic adviser position. Another email was more generic and appeared to include details on updating Microsoft Outlook’s global address book.

The Iranian actor involved in the cyberattack, dubbed ‘Refined Kitten’ by CrowdStrike, has for years targeted the US energy and defence sectors, as well as allies such as Saudi Arabia and the United Arab Emirates, said Adam Meyers, vice-president of intelligence at CrowdStrike.