
Iranian Cyber War Begins, Fox Kitten Launched Against U.S. and Israel

By Tejas Rokhade

Since the 2010 Stuxnet worm attack on the Natanz nuclear plant served as an eye-opener for Iranian officials, Iran has been giving high priority to cybersecurity. The latest Tehran has to offer to the US and Israel is a cyber-espionage campaign called “Fox Kitten”. Researchers at ClearSky Cyber Security have reportedly traced it back to two state-sponsored hacking groups, of the kind known as Advanced Persistent Threats (APTs): APT33 and APT34.


Crux of the Matter


Stuxnet Worm: World’s First Digital Weapon

In January 2010, inspectors with the International Atomic Energy Agency visiting the Natanz uranium enrichment plant in Iran noticed that centrifuges used to enrich uranium gas were failing at an unparalleled rate. Five months later, a computer security firm in Belarus was called in to troubleshoot a series of computers in Iran that were crashing and rebooting repeatedly. Both problems were a mystery until the researchers found a handful of malicious files on one of the systems and discovered Stuxnet. Rather than simply hijacking targeted computers or stealing information from them, it escaped the digital realm to wreak physical destruction on equipment the computers controlled. In the Natanz case, it manipulated valves on the centrifuges to increase the pressure inside them and damage the devices. The masterminds were later discovered to be the U.S. and Israeli governments.

Fox Kitten: The Growling Iranian Cat

The Fox Kitten espionage campaign is a fitting reply from Tehran to Stuxnet. Targeting various industry sectors in both the U.S. and Israel, it has been ongoing for the last three years. It has apparently enabled the state-sponsored hacking groups APT33 and APT34 to gain access to numerous networks belonging to organizations in the aviation, government, IT, oil and gas, security and telecommunications sectors. Although Iran wouldn’t be able to make much headway with tech giants like Apple, Google and Facebook, the report goes on to assess that the Iranian offensive hackers have been working together to attack the infrastructure of myriad other organizations and to maintain a persistent foothold on all those networks.

White House’s VPN Call

The attack vector identified most often in these attacks is the exploitation of known VPN and RDP vulnerabilities that remain unpatched. The Iranian hacker groups can use both kinds of exploit to infiltrate and then gain control of critical data storage. Citrix and Windows devices are expected to face such significant attacks in 2020. The U.S. government has therefore issued a “serious” cybersecurity alert that strictly asks organizations to update their VPN installations. In the meantime, Jon Bateman, a former Iran expert at the U.S. Defense Intelligence Agency and now a fellow at the Carnegie Endowment for International Peace, says, “I don’t think Iran is finished.” The door is open, he says, to follow-on actions that are more covert or more plausibly deniable.



Curiopedia


An advanced persistent threat (APT) is a stealthy computer network threat actor, typically a nation state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state-sponsored groups conducting large-scale targeted intrusions for specific goals.

Stuxnet is a malicious computer worm, first uncovered in 2010, thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built jointly by the United States and Israel. Stuxnet specifically targets programmable logic controllers (PLCs), which allow the automation of electromechanical processes such as those used to control machinery and industrial processes including gas centrifuges for separating nuclear material.
