Home / / Iran cyber group targets critical infrastructure in Saudi, Qatar: report

Iran cyber group targets critical infrastructure in Saudi, Qatar: report

Reports surface of campaign that has prepped command-and-control systems for disruption

Iran cyber group targets critical infrastructure in Saudi, Qatar: report

An Iran-based hacking group has targeted some of the world's leading energy, transport and telecoms companies, including those in Saudi Arabia and Qatar, leaving the hackers poised to disrupt critical infrastructure, Reuters reported, citing US cyber security firm Cylance.

Companies in sectors such as aerospace, aviation, education, energy, healthcare, and telecoms, in countries that include the US, China, Saudi Arabia, India, Germany, France and the UK, have been infiltrated over a two-year period, Cylance said. The cyber security firm did not mention any organisation by name, but Reuters cited a source familiar with the research, who claimed Saudi Aramco and Qatar Airlines were among the victims.

Aramco has already been the victim of a targeted attack. In August 2012, around 30,000 workstations were rendered inactive by the Shamoon virus in an apparent hacktivist campaign. While some reports laid blame with hackers inside the kingdom, some US officials reportedly believed Iran was responsible.

Iran suffered its own infrastructure attack in 2010, when the Stuxnet worm took large numbers of its uranium enrichment centrifuges offline. Since nearly 60% of Stuxnet-affected machines worldwide were estimated to be in Iran, and the malware was seen to act with such a finely tuned methodology, security analysts have concluded that the rootkit was built to specifically target Iran's Siemens Step7-based control systems, used in its nuclear plants.

Since then, Tehran has been accused of retaliatory strikes against US banks and has reportedly worked to strengthen its cyber security capabilities.

Cylance said its researchers had accessed the hackers' infrastructure and uncovered troves of user credentials, diagrams, and screenshots from targeted entities, including those in the education, energy, transportation and aerospace sectors.

"We believe that if the operation is left to continue unabated, it is only a matter of time before the team impacts the world's physical safety," Cylance said in its 87-page report.

Hamid Babaei, spokesman for Iran's mission to the United Nations, hit back at the allegations.

"This is a baseless and unfounded allegation fabricated to tarnish the Iranian government image, particularly aimed at hampering current nuclear talks," he said.

Follow us to get the most comprehensive IT Security news delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.