Iranian hackers target global infrastructure sector in Operation Cleaver ‘revenge’ attacksRevenge???Operation Cleaver

The report from Cylance states that companies in the US, Israel, China, Saudi Arabia, India, Germany, France and the UK have been targeted with attacks aimed at infrastructure sectors such as aerospace, universities, energy firms, hospitals and telecoms. Another report published on Military Times says that even the US  Navy-Marine Corps Intranet was hacked under this operation.

Revenge???

Reuters reported that the campaign comes as Iran seeks revenge for cyber attacks designed to scupper its nuclear ambitions. Iran believes that Russia, China, Israel and the US were all behind the Stuxnet worm which had an debilitating effect on Iran’s nuclear research and crippled Iran’s critical infrastructure network.country’s systems. Operation Cleaver is thought to be a revenge by the hackers who are allegedly backed by Iranian state.

Operation Cleaver

This sustained hacking campaign has been dubbed as “Operation Cleaver” by Cylance.  According to them,  Operation Cleaver has attained the highest levels of system access of targets located in 16 countries spread across the world. Cylance states that the compromised systems in the Operation Cleaver attacks include Active Directory domain controllers that store employee login credentials, servers running Microsoft Windows and Linux, routers, switches, and virtual private networks. Cylance notes that top  50 victims including 10 U.S. companies, include airports, hospitals, telecommunication providers, chemical companies, and  governments.   As per the Cylance report, the Iranian-backed hackers are reported to have extraordinary control over much of the world’s critical infrastructure. Cylance researchers wrote: Chillingly, the remote access infrastructure for airlines and airports in South Korea, Saudi Arabia and Pakistan were among the transportation targets. The group accessed airport gate and security control systems, a “shocking amount of access into the deepest parts of these companies and the airports in which they operate,” the report says. The hackers dedicated special effort to the Oil and gas sector as well.  Cylance says that the went after nine such companies around the world. In the Middle East, the hacking group targeted oil and gas companies in Kuwait, Qatar and Saudi Arabia, according to the report. The Shamoon attacks in 2012 which crippled RasGas and Saudi Aramco may be a part of this operation says the report. So far, the Cylance report states, the intrusions have “successfully evaded detection by existing security technologies.” It did not explain how it determined the intrusions were occurring or indicate what data were stolen.