AskCyberSecurity.com


Cyberwarfare with Iran – DHS Issues National Terrorism Advisory System Bulletin

2020-01-06 by Michelle Dvorak

How to Prepare for the Potential Cyber Security War Between the US and Iran

A cyberwar with Iran is an increasing possibility as tensions rise and the volley of retaliatory attacks continues. Iran maintains a robust cyber program and has strengthened its hacking groups’ skills over the past ten years. Although its hackers are still not the most technically talented state-sponsored hackers, they have already successfully attacked the U.S. and can definitely cause more damage. The U.S. Department of Homeland Security (DHS) has issued a National Terrorism Advisory System Bulletin. This means critical infrastructure like electricity and medical care is vulnerable to crippling cyber attacks. Smartphones, routers, and laptops are more vulnerable than ever to Iranian hackers looking for revenge.

Private-sector industries – banking, health care, and energy – are likely targets of Iranian state-sponsored hacking groups. Major cities like Atlanta, Boston, Baltimore, and New Orleans were all attacked by ransomware in 2019, shutting down services and operations for millions of residents and proving just how disruptive and expensive the hacking of office computers can be.

We have seen that Iran has infiltrated Western critical infrastructure including banks, dams, and universities. Following the assassination of Iran Revolutionary Guards Corps Quds Force commander Qasem Soleimani in a U.S. strike in Baghdad on January 2, many suspect that cyberwarfare may be at least one likely Iranian attack vector.

Iran’s Supreme Leader Ayatollah Ali Khamenei warned that “harsh retaliation is waiting” for the U.S. after the assassination of General Soleimani. The daughter of slain Iranian Gen. Qassem Soleimani, Zeinab, warned the families of U.S. soldiers deployed in the Middle East that they “will spend their days waiting for the death of their children” during her father’s funeral.

The US Department of Homeland Security (DHS) stated, “Iran maintains a robust cyber program and can execute cyber attacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”

Iranian Hacker Groups

Like other technologically advanced countries, Iran has its own cadre of Advanced Persistent Threat Groups. APT hacking groups are organized hackers that are often state-sponsored cyberwarfare organizations. APT groups are assigned numbers to keep track of their progress and techniques. They are responsible for some of the most successful cyber attacks in the world. APT groups are also given names by private cyber security researchers to avoid offending sponsoring governments. The US government-backed APT group is known as Equation Group. APT groups are skilled and work with low-and-slow strategies to steal large volumes of data over long periods of time – often years of work.

Advanced Persistent Threat Group APT33

APT33 is an Iranian-backed hacker group that uses wiper malware to destroy data. The group targets aerospace, defense, and petrochemical industries. APT33 is also known as Elfin, Refined Kitten (by CrowdStrike), Magnallium (by Dragos), and Holmium (by Microsoft).

Advanced Persistent Threat Group APT34

APT34 is an Iranian state-sponsored cyber espionage operation active since about 2014. APT34 focuses on data collection and cyberattacks against targets in the financial sector, energy, utilities, and oil and gas industries, as well as government entities.

IRIDIUM

IRIDIUM is an Iranian state-sponsored black hat hacking group. These hackers attack political targets in Five Eyes countries: United States, United Kingdom, Australia, Canada, and New Zealand. In 2019, IRIDIUM attacked the Australian government in retaliation for Australia considering removing its support for Iran due to Australia’s ties to Israel. In 2017, IRIDIUM attacked members of the British Parliament.

Advanced Persistent Threat Group APT35

APT35, also known as the Newscaster Team, is an Iranian state-sponsored APT group. They steal strategic intelligence on targets in the U.S. and the Middle East. Targets include military, diplomats, government personnel, and media organizations. Industries targeted include the energy sector, defense industries, engineering companies, business services, and telecommunications sectors.

What Was the Cyber Attack on Iran?

An American-Israeli cyberattack on Iran used a malicious worm known as Stuxnet to shut down Iran’s nuclear program in 2009. Stuxnet reportedly destroyed almost twenty percent of Iran’s nuclear centrifuges.

Citrix Data Breach – March 2019

State-sponsored hacker group IRIDIUM stole documents from over 400,000 organizations from virtual desktop service Citrix. The documents included those of most Fortune 500 companies. The Iranian hackers focused on aerospace industry data and stole documents belonging to the FBI, NASA, and Saudi Arabia’s state-owned oil company. Citrix Systems handles sensitive computer projects for White House communications, the U.S. military, the FBI, as well as thousands of private companies.

MS Outlook Iran Cyber attack – June 2019

United States Cyber Command (USCYBERCOM), based in Fort Meade, Maryland, warned of a new cyberattack from Iranian state-sponsored hacking group APT33. The hack exploited a known Microsoft Outlook vulnerability, CVE-2017-11774. The vulnerability allows hackers to bypass Outlook security features and execute malware on infected machines.

CISA Warns of Increased Iranian Cyber attacks – June 2019

U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of an increase in phishing emails sent to US targets. Iranian hackers attempted to infiltrate corporate networks and computers with wiper tools that destroy data. Wiper tools are more destructive than ransomware, spyware or other less harmful malware because they destroy everything with no chance of recovery. The phishing emails were attributed to Iranian-backed APT33, also known as Magnallium or Refined Kitten.

Iran Drone Strike – June 2019

In June 2019, Iran shot down a U.S. drone over the Iranian coast. The U.S. Pentagon confirmed the downing of the drone but stated that the incident occurred over the Strait of Hormuz, which is international waters.

Iran Oil Tanker Attack – June 2019

On 13 June 2019, two oil tankers were attacked near the Strait of Hormuz while they transited the Gulf of Oman. The U.S. blamed Iran for the attacks, which are believed to have used mines. Iran denied involvement in the oil tanker attacks.

U.S. Cyber Command carried out a retaliatory cyber attack that disabled Revolutionary Guard systems that control rocket and missile launches for Iran. The cyber attack was in retaliation for the drone attack as well as for recent attacks on oil tankers in the area.

LinkedIn Iran Cyber attack – July 2019

Iranian state-sponsored hacking group APT34 launched a phishing campaign on social networking site LinkedIn. Targets received an invitation to connect from various fake profiles that supposedly worked at Cambridge University. If targets were tricked into accepting the connection and clicking on a link to download files, their device was infected with three malware files.

Malicious Site Targets U.S. Veterans – September 2019

A website targeted U.S. veterans who were looking for work. The scam website was attributed to the Iranian hacking group Tortoiseshell. If the reader accepted a file download, their computer or laptop was infected with malware.

FDLP Website Hack – 04 January 2020

The website homepage of the U.S. Federal Depository Library Program (FDLP) was defaced with anti-U.S. President Trump messaging on 4 January 2020. Although the message included at the bottom of the webpage that replaced the home page of the Federal website claimed it was the work of Iranian hackers, the identity of the hackers has not been confirmed. The FDLP website is a very low-level and mostly symbolic target to attack. The Federal Depository Library Program provides the public with free public access to Federal Government information that includes bills, statutes, court opinions, and other government information.

Saudi Aramco Cyber attack

In what is believed to be one of Iran’s first major cyber attacks, hackers knocked out more than 30,000 computers belonging to the Saudi state oil company, Saudi Aramco, in 2012. The cyber attack prevented Aramco from exporting its crude oil and was one of the costliest hacks ever at the time. The Saudi Aramco cyber attack used wiper malware known as Shamoon that targeted the administrative computers of the company but not the industrial control systems used in oil production machinery.

Which Country Has the Best Hackers in The World?

Iran isn’t the most powerful cyber threat, but it shouldn’t be underestimated. Iran is considered an emerging military power in the arena of cyberwarfare. The country has been both an aggressor and a victim. Iran’s Cyber Defense Command has been operating since November 2010 as part of the country’s Passive Civil Defense Organization, which is a subdivision of the Joint Staff of Iranian Armed Forces. Iran lacks the overall cyber capabilities of Russia, China, or the U.S., but its hackers can still do damage.

Iran Population 2019

Iran has an estimated population of about 82.91 million in 2019, which ranks 19th in the world.

Are You Vulnerable to Hackers?

Hardware and apps connected to the internet, including smart TVs, phones, laptops, tablets, and routers are inherently hackable and nothing is 100 percent safe.
The U.S. National Terrorism Advisory System issued a warning and steps to take to secure your data.
https://twitter.com/DHS_Wolf/status/1213585937881534467/photo/1

  • Use secure passwords. The passwords must be unique and hard to guess for each online account. Use a password vault to generate strong passwords and store them securely.
  • Save copies of information as local files on your laptop or phone storage, not cloud storage, to prepare for a loss of internet connectivity
  • Store phone numbers as a local text file on a removable drive or even print them on paper
  • Don’t rely on internet connectivity or IoT devices
  • Beware of suspicious emails, especially those with attachments or links to websites or files
  • Use biometric or multi-factor authentication for all login credentials
  • Stay Informed – Subscribe to Our newsletter and DHS Bulletins

About Michelle Dvorak

Michelle writes about cyber security and data privacy, focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers.

