• Reuters

  • SHARE

The Federal Bureau of Investigation has warned U.S. businesses to be on the alert for a sophisticated Iranian hacking operation whose targets include defense contractors, energy firms and educational institutions, according to a confidential agency document.

The operation is the same as one flagged last week by cybersecurity firm Cylance Inc. as targeting critical infrastructure organizations worldwide, cybersecurity experts said. Cylance has said it uncovered more than 50 victims from what it dubbed Operation Cleaver, in 16 countries, including the United States.

The FBI’s confidential “Flash” report, seen by Reuters on Friday, provides technical details about malicious software and techniques used in the attacks, along with advice on thwarting the hackers. It asked businesses to contact the FBI if they believed they were victims.

Cylance Chief Executive Stuart McClure said the FBI warning suggested that the Iranian hacking campaign may have been larger than its own research revealed. “It underscores Iran’s determination and fixation on large-scale compromise of critical infrastructure,” he said.

The FBI’s technical document said the hackers typically launch their attacks from two IP addresses that are in Iran, but did not attribute the attacks to the Tehran government. Cylance has said it believes Iran’s government is behind the campaign, a claim Iran has vehemently denied.

An FBI official did not provide further details, but said the agency routinely provides private industry with advisories to help it fend off online threats.

The Pentagon and National Security Agency had no immediate comment.

Tehran has been substantially increasing investment in its Internet capabilities since 2010, when its nuclear program was hit by the Stuxnet computer virus, widely believed to have been launched by the United States and Israel.

Professionals who investigate cyberattacks said they are seeing evidence that Iran’s investment is paying off.

“They are good and have a lot of talent in the country,” said Dave Kennedy, CEO of TrustedSEC LLC. “They are definitely a serious threat, no question.”

Iranian hackers are increasingly being blamed for sophisticated cyberattacks.

Bloomberg Businessweek on Thursday reported that Iranian hacker activists were responsible for a devastating February 2014 attack on casino operator Las Vegas Sands Corp. that crippled thousands of servers by wiping them with destructive malware. It said the hackers sought to punish Sands CEO Sheldon Adelson for comments he made about detonating a nuclear bomb in Iran.

In a time of both misinformation and too much information, quality journalism is more crucial than ever.
By subscribing, you can help us get the story right.

SUBSCRIBE NOW