Iran cyber group targets critical infrastructure in Saudi, Qatar: report

Reports surface of campaign that has prepped command-and-control systems for disruption

Tags: Cyber crime, Cylance, Inc (www.cylance.com), Iran, Qatar, SCADA networks, Saudi Arabia
By Stephen McBride. Published December 3, 2014

An Iran-based hacking group has targeted some of the world's leading energy, transport and telecoms companies, including those in Saudi Arabia and Qatar, leaving the hackers poised to disrupt critical infrastructure, Reuters reported, citing US cyber security firm Cylance.

Companies in sectors such as aerospace, aviation, education, energy, healthcare, and telecoms, in countries that include the US, China, Saudi Arabia, India, Germany, France and the UK, have been infiltrated over a two-year period, Cylance said. The cyber security firm did not mention any organisation by name, but Reuters cited a source familiar with the research, who claimed Saudi Aramco and Qatar Airlines were among the victims.

Aramco has already been the victim of a targeted attack. In August 2012, around 30,000 workstations were rendered inactive by the Shamoon virus in an apparent hacktivist campaign. While some reports laid blame with hackers inside the kingdom, some US officials reportedly believed Iran was responsible.

Iran suffered its own infrastructure attack in 2010, when the Stuxnet worm took large numbers of its uranium enrichment centrifuges offline. Since nearly 60% of Stuxnet-affected machines worldwide were estimated to be in Iran, and the malware was seen to act with such a finely tuned methodology, security analysts have concluded that the rootkit was built to specifically target Iran's Siemens Step7-based control systems, used in its nuclear plants.

Since then, Tehran has been accused of retaliatory strikes against US banks and has reportedly worked to strengthen its cyber security capabilities.

Cylance said its researchers had accessed the hackers' infrastructure and uncovered troves of user credentials, diagrams, and screenshots from targeted entities, including those in the education, energy, transportation and aerospace sectors.

"We believe that if the operation is left to continue unabated, it is only a matter of time before the team impacts the world's physical safety," Cylance said in its 87-page report.

Hamid Babaei, spokesman for Iran's mission to the United Nations, hit back at the allegations.

"This is a baseless and unfounded allegation fabricated to tarnish the Iranian government image, particularly aimed at hampering current nuclear talks," he said.
