An indictment of nine Iranians was unsealed on March 23, 2018. They each stand accused of a variety of crimes relating to cyber-attacks conducted on universities, government agencies, and private organisations around the globe. 31 terabytes of data was stolen - that is a lot of data! The nine suspects are all affiliated with Mabna, the group responsible for the HBO hacking (in which Game of Thrones episodes were leaked), which led to the indictment of Mesri for his involvement in the hacking and attempts to extort US$6 million. It has been revealed that the cyber-assault used customized phishing emails that were sent under the guise of academics at other institutions. The emails contained links to academic papers that directed the victim to a malicious domain masquerading as a university web page, prompting the victim to give away his log-in details.
Among the victims were government agencies and private companies, but the primary targets were universities, with around 8000 professors falling victim. So, unlike the targets identified in previous indictments, we now appear to be seeing a diversification of the type and location of the target. Furthermore, the attack was indiscriminate with regard to academic discipline. Whilst the economic value of the data should not be disregarded (the indictment puts the cost of the stolen research to US institutions at US$3.4 billion), the financial loss is only one implication. The concept of targeting innovation, ideas and information, acquired through years of research effort, is new and frightening. The attacks demonstrate the need for academic institutions to improve their cyber-security, in terms of both awareness and implementation. It is worrying that the attacks reached beyond the usual suspects of the US and Israel; universities in 22 different countries, including many in Europe, and also China, were victims. Among the non-academic targets was the United Nations Children's Fund, demonstrating the callous and indiscriminate way in which the Iranian cyber machine selects victims.
Whilst the accused are considered innocent until proven guilty in a court of law, investigators must presumably be pretty convinced of their guilt to name these individuals in the indictment. These men will join those previously indicted by the FBI for cyber-crimes, in not being able to leave Iran without fear of arrest. This limitation of freedom will surely deter some of those considering a 'career' in hacking, and slow recruitment to the Iranian cyber-army.
Who is backing Mabna? The indictment reveals that the spear-phishing email attacks were conducted on behalf of the Islamic Revolutionary Guard Corps (IRGC) of Iran. But were there other governmental bodies involved? This is a persistent question which resurfaces with each attack. Given their close association, it seems likely that there is some level of co-ordination between the IRGC and other government offices, like those within the Iranian Ministry of Foreign Affairs, when planning the cyber-attacks. Will this public condemnation deter Iran from undertaking further attacks on universities, or will the state simply distance itself from cyber-criminals?