London, 18 Feb – US companies and government agencies have been targeted in increased cyber attacks by Iranian hackers, which security experts believe may be linked to Donald Trump’s decision to pull out of the 2015 nuclear deal last year.
According to several sources, who were not able to speak publicly, the Iranian attacks on US entities have been far more extensive than previously reported, with dozens of businesses and multiple United States agencies hit.
These attacks, which the National Security Agency and private security firm FireEye have attributed to Iran, were so worrying that they prompted the Department of Homeland Security to issue an emergency order during the government shutdown in January.
While threats from Iran never stopped entirely, there was a definite drop in reported instances following the signing of the 2015 nuclear deal. However, it could be that Iran was targeting other countries or refining its skills. After all, we know that the Regime never really gave up its nuclear programme.
Adam Segal, the director of the cyberspace program at the Council on Foreign Relations, said: “Some of the recent intelligence collection has been for military purposes or preparing for some future cyber conflict, but a lot of the recent theft is driven by the demands of the five-year plan and other technology strategies. They always intended on coming back.”
Following Trump’s withdrawal from the deal, homeland security secretary Kirstjen Nielsen testified before Congress that she anticipated the possibility of Iran resorting to hacking and said that federal agencies were working to thwart new Iranian espionage campaigns.
The attacks that hit over a half-dozen federal agencies last month appeared to catch Homeland Security off guard, exploiting underlying weaknesses and causing more damage than was first admitted.
Of course, the US is not the only target of Iran’s attacks. In the past 12 months, at least 80 targets, from internet service providers to government agencies, have been identified across 12 European countries, according to FireEye.
FireEye said that these are harder to detect than previous Iranian attacks because the Regime has been going after the internet’s core routing system, intercepting traffic to a domain name, and stealing login credentials.
Benjamin Read, a senior manager of cyber espionage analysis at FireEye, said: “They’re taking whole mailboxes of data.”
He also revealed that their targets, including police forces, intelligence agencies and foreign ministries, indicate state-backed espionage as opposed to criminals extorting ransoms.
This is not the only Iranian attack against the US that has made news recently. On Wednesday, the Justice Department indicted former Air Force intelligence specialist Monica Witt for helping Iran with an online espionage campaign. The US also charged four members of the Iranian Revolutionary Guard Corps with “computer intrusions and aggravated identity theft” after they targeted members of the US intelligence community.
The US Treasury also sanctioned two Iranian companies, New Horizon Organization and Net Peygard Samavat Company, and several people linked to them, for their role in recruiting Witt and potentially other agents.