An Iranian Hacker Confesses

Government agencies and security experts are concerned that retaliatory cyberattacks against the Western world are highly likely after President Trump's 8th May announcement that the United States would abandon the Iran nuclear deal.

Given that the Islamic Republic of Iran commonly responds to sanctions with offensive cyber campaigns, understanding the hierarchy of Iran's hackers offers insight into how best to defend against the looming risk.

The Insikt Group, a threat research team that is part of the Recorded Future community, has released new research on cyber-activity in Iran.

The information was garnered through interviews with a former Iranian hacker, who started one of Iran's first security forums. 

"Judging from historical patterns, the businesses likely to be at greatest risk are in many of the same sectors that were victimised by Iranian cyber-attacks between 2012 and 2014 and include banks and financial services, government departments, critical infrastructure providers, and oil and energy," wrote Levi Gundert, VP of threat intelligence at Recorded Future.

Iranian cyber-operations have long been administered through a tiered approach, using a trusted group of middle managers to translate intelligence priorities into segmented cyber-tasks. Those tasks are then bid out to multiple contractors, a system that pits contractors against each other for influence with the Iranian government. In addition, the Insikt Group analysed web traffic across prestigious academic institutions to find several activities of concern emanating from various registered ranges. 

These include allocated IP spaces of Iran's Cyberspace Research Institute, the Imam Hossein Comprehensive University and the Mabna Institute, which was publicly identified in an FBI indictment as a front company engaged in hostile state-sponsored cyber-espionage.

Iran has a unique dynamic between trust and skill in selecting contractors to work for the Islamic Republic in accomplishing its offensive cyber-campaigns. 

However, "We believe that contractor selection for this response may favor speed and skill over trust and loyalty, resulting in the use of new or unproven contractors," said Gundert. 

"New or unproven contractors' actions could result in a destructive attack with potentially wider impact than originally envisioned by the Iranian government."

"American businesses should be aware of Iran’s history and the likely response that these economic sanctions will trigger. Specifically, the financial services and energy industries should be preparing for the Iranian government’s response," said Gundert.

Infosecurity Magazine
