Tensions between the U.S. and Iran are high this week, with the possibility of war between the two countries. Early Thursday morning, Iran shot down a 220-million-dollar RQ-4A Global Hawk belonging to the U.S. According to U.S. Central Command, the drone was flying in international airspace; Iran, however, claims the drone was in Iranian airspace. The shootdown comes just a few weeks after Iran attacked two U.S. fuel tankers in the Gulf of Oman.
There is a high possibility that both the U.S. and Iran have begun cyber attacks against each other. Over the past several weeks, Iranian hackers have increasingly attacked and tried to penetrate U.S. organizations. Cybersecurity firms Dragos, CrowdStrike, and FireEye told Wired that they discovered Iranian hackers sending phishing emails to U.S. organizations. Dragos has stated that the Department of Energy, U.S. national labs, and an additional half dozen organizations have been targeted.
John Hultquist, director of threat intelligence at FireEye, stated:
“Essentially, there have been many people targeted since these tensions increased”
The hacker group behind the attacks is APT33, which is known for working closely with the Iranian government. Security researchers also say that the group has access to data-destroying malware. APT33's intrusion attempts signal bigger and more destructive cyberwarfare in the near future.
Recent phishing attacks by APT33 include emails posing as a job opening at the White House’s Executive Office of the President. The email includes a link that, when clicked, installs a malware payload, Powerton, onto the user’s machine. This malware is an all-purpose remote access trojan. Further, CrowdStrike has mentioned that the nature of the email suggests that the attackers are trying to learn what the Trump administration plans to do about trade sanctions against Iran. Adam Meyers, vice president of intelligence at CrowdStrike, stated:
“I think this is probably intelligence collection. But any time they’re going to engage in that collection there’s the possibility it could be preparation for other operations”
Joe Slowik, an analyst at Dragos, has also stated:
“When the shit hits the fan, you can’t turn on a dime and say ‘I need cyber now’…So it may be related to having that strategic flexibility in the future with no immediate intention to be disruptive or destructive…When you see tensions start to rise, the need to flesh out that access is going to increase in tandem.”
It is important to note that we do not know what the hackers are targeting at this time, or whether they are gathering intelligence or scanning environments for a bigger attack. Further, it is not known if the hacking groups have been successful. Additionally, Iran has previously claimed to have hacked U.S. drone command and control networks. They released footage this year showing video where they forced a U.S. drone to crash in the Syrian desert. The U.S. later hit the drone from above.