
Iran Hack – 10 Tactics Iranian Hackers Use to Attack the United States

2020-01-09 by Michelle Dvorak


Iran Hack Attempts Almost Triple – Iran Has Already Hacked the U.S. At Least 4 Times – Patterns of Publicly Known Iranian Advanced Persistent Threats

The number of Iran hack attempts against targets in the United States has almost tripled. The increase in Iran hack attempts has intensified since the assassination of Iranian military leader Qasem Soleimani. Cyberattacks originating from Iran targeting government websites of all levels doubled then continued to increase.

An Iran hack may be initiated by state-sponsored hacking groups or by individuals who are looking to steal money or data. Iran's technical prowess has increased since 2009, and the country has several known state-sponsored Advanced Persistent Threat groups to carry out cyberwarfare. APT hacking groups are organized hackers that are often state-sponsored cyberwarfare organizations.

Iran hack attempts against the United States have been successful before. Government targets include the U.S. Federal Depository Library Program (FDLP) website and a dam in Rye, New York. Iranian hackers target engineering companies, the financial sector, energy, utilities, and the oil and gas industries, as well as government entities.

Cyberattacks originating from Iranian IP addresses targeting federal, state, and local government websites have doubled, according to American web infrastructure and website security company Cloudflare. In just two days, Iran hack attempts on targets globally have increased to almost triple their former rate.

Iran has a history of attacking targets in the United States and across the globe. Although their repertoire of cyberattacks does not show the skill level of hackers from China and Russia, they can still cause damage, even if it is sometimes a symbolic nuisance.


What is an Advanced Persistent Threat (APT) Group?

An Advanced Persistent Threat Group, known as an APT Group, is an organized hacking organization. APT groups often work at the behest of a national government to steal money to fund other activities, spy on other countries or political targets, or conduct corporate espionage. APT hacking groups are given numbers and names by cyber security researchers to track their activities and to avoid offending the governments the APT groups work for. The names represent something the country is known for. For example, Iran APT groups are APT33, APT34, and APT35. State-sponsored APT33 is also known as Elfin, Magnallium, or Refined Kitten. Gothic Panda is a pseudonym for APT3, a Chinese APT group.


Iran Hack – How to Prepare

  • Use a strong password protection tool
  • Use two-factor or multi-factor authentication for all online accounts
  • Use biometric login for the highest protection on phones, tablets, laptops, and computers. If your phone or laptop is too old to support fingerprint login, then consider upgrading to a new phone or laptop
  • Make sure computers, laptops, tablets, and phones have the latest software installed
  • Create backups of important files, photos, and critical documents like taxes, 401K, and stock accounts
  • Ensure backups are kept up-to-date
  • Small business owners should ensure their websites and critical systems are backed up and accessible in case of internet connection disruptions

U.S. Government Website Defaced

The U.S. Federal Depository Library Program (FDLP) website was defaced with anti-U.S. President Trump messaging on 4 January 2020, during the first week of the month.

The Texas Department of Agriculture website and an Alabama veterans’ group were both defaced this week with an image of Iranian Commander Soleimani. The pro-Iran image was accompanied by a message stating the website was “Hacked by Iranian hacker.” The city of Las Vegas, Nevada was attacked on 07 January 2020 and city services were temporarily shut down. The cyber attack struck on the first day of the annual massive Computer and Electronics Show (CES). It is too soon to tell if any of these incidents were the work of state-sponsored hackers.

Iranians Tried to Hack 2020 Campaign

Microsoft disclosed that Iranians tried to hack a 2020 presidential campaign. The Iran hack attacked over 200 email accounts related to a campaign.

How Wealthy Is Iran?

Iran ranks 94th in the world by nominal GDP per capita. The United States ranks eighth. The top ten countries ranked by GDP (nominal) per capita from number one to ten, are Luxembourg, Switzerland, Macau, Norway, Iceland, Ireland, Qatar, United States, Singapore, Denmark, Australia.

Iranian APT Hacking Organizations

The Cybersecurity and Infrastructure Security Agency (CISA) shared cyber security information on the history and typical profile of Iran hack attacks. The following are typical Iran hack profiles based on publicly known Iranian Advanced Persistent Threat (APT) techniques.

10 Tactics Iranian Hackers Use to Attack the United States

According to CISA, these are ten tactics used by Iran hackers to compromise networks and computers in the United States and across the world.

  1. Credential Dumping – Credential dumping refers to any process of stealing account login and password information, such as passwords stored in plain text or with weak encryption. The passwords are then used to log in and hack more computers on the same network.
  2. Obfuscated Files or Information – An attempt by the hacker to hide malware payloads by compressing, archiving (zip files), splitting up, or encrypting malicious files to avoid detection by automated cyber security systems and firewalls.
  3. Data Compressed – Hacked data is compressed to minimize the amount of network resources used while the hacked information is being transmitted back to the hacker’s servers. This is a move to avoid detection by network monitoring tools.
  4. PowerShell – PowerShell is Microsoft’s command-line shell and associated scripting language, built on the .NET Framework and designed especially for system administration. PowerShell commands let you manage computers from the command line. Iranian hackers have exploited PowerShell to execute malicious code on compromised computers.
  5. User Execution – User Execution is when the hack depends on actions taken by a human to successfully execute or run malware. User execution may involve an email recipient clicking on a link delivered by a phishing email. The file execution may exploit a browser or application vulnerability to compromise a computer or network.
  6. Scripting – Hackers use scripts to speed up tasks that otherwise would have to be done manually. For example, compressing data on a machine and sending it back to the hacker. Scripts can be embedded inside malicious Microsoft Office documents as macros.
  7. Registry Run Keys/Startup Folder – All Windows computers have a registry key that allows software to open and execute software based on the user’s permission level. Registry keys can be added, edited, and deleted to run legitimate and malicious apps at startup using the user’s permission levels. Malware may alter the machine’s registry so that the malware is always run at startup, making it hard to stop and remove.
  8. Remote File Copy – Remote file copy is the staging of malicious files from one network or computer to another.
  9. Spear Phishing Link – A spear phishing link is a clickable link sent within the body of a targeted spear phishing email. The hacker relies on user execution to begin a malware download, execute a malicious script, or send the target to a spoofed website to gather further sensitive data.
  10. Spear Phishing Attachment – A spear phishing attachment is a malicious file, often an MS Word document, Excel spreadsheet, or Adobe PDF file, that executes a malicious script if the recipient of a spear phishing email is tricked into opening the attachment. The spear phishing attachment may launch a script or begin other malware downloads.
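
For defenders, several of the tactics in this list leave traces in endpoint logs. The following is an added example, not code from this article or from CISA, that triages simplified log events for items 2, 4, 5, 7 and 10; the event fields, sample events, and heuristics are constructed assumptions rather than any real product's log schema.

```python
import re

# Constructed sample events (not real telemetry): simplified process-creation
# and registry-write records of the kind an endpoint logger produces.
EVENTS = [
    {"type": "process", "parent": "explorer.exe", "image": "notepad.exe",
     "cmdline": "notepad.exe C:\\Users\\kim\\notes.txt"},
    {"type": "process", "parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -EncodedCommand <base64-placeholder>"},
    {"type": "registry", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value": "Updater", "data": "C:\\Users\\kim\\AppData\\Roaming\\upd.exe"},
    {"type": "registry", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value": "SecurityHealth", "data": "C:\\Windows\\System32\\SecurityHealthSystray.exe"},
    {"type": "process", "parent": "services.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -File C:\\Scripts\\backup.ps1"},
]

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "cmd.exe"}
# powershell.exe accepts abbreviated forms of -EncodedCommand (-e, -ec, -enc, ...).
ENCODED = re.compile(r"\s-(?:e|ec|en|enc[a-z]*)\s", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I)
# Assumed heuristic: autoruns launched from user-writable folders deserve review.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Users\\Public|ProgramData)\\", re.I)

def triage(event):
    """Return a list of (tactic, reason) findings for one event."""
    findings = []
    if event["type"] == "process":
        image, parent, cmd = event["image"].lower(), event["parent"].lower(), event["cmdline"]
        if image in SCRIPT_HOSTS and parent in OFFICE:
            findings.append(("User Execution / Spear Phishing Attachment",
                             f"{parent} spawned {image}"))
        if image in {"powershell.exe", "pwsh.exe"} and ENCODED.search(cmd):
            findings.append(("PowerShell / Obfuscated Files or Information",
                             "encoded command line"))
    elif event["type"] == "registry":
        if RUN_KEY.search(event["key"]) and USER_WRITABLE.search(event["data"]):
            findings.append(("Registry Run Keys/Startup Folder",
                             f"autorun from user-writable path: {event['data']}"))
    return findings

def scan(events):
    """Map event index -> findings, keeping only events with at least one finding."""
    return {i: f for i, e in enumerate(events) if (f := triage(e))}

if __name__ == "__main__":
    for idx, found in scan(EVENTS).items():
        print(idx, found)
```

The scheduled backup script and the system autorun pass untouched, which is the point: the checks key on the parent process, the command-line form, and the path an autorun launches from, not on PowerShell or Run keys being present at all.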


About Michelle Dvorak

Michelle writes about cyber security and data privacy, focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers.

