An Iranian Hacker Confesses

Government agencies and security experts are concerned that retaliatory cyberattacks against the Western world are highly likely after President Trump's 8th May announcement that the United States would abandon the Iran nuclear deal.

Given that the Islamic Republic of Iran commonly responds to sanctions with offensive cyber campaigns, understanding the hierarchy of Iran's hackers offers insight into how to best defend against the looming prospect of risk.

The Insikt Group, a threat research team that is part of Recorded Future community, has released new research on cyber-activity in Iran.

The information was garnered through interviews with a former Iranian hacker, who started one of Iran's first security forums. 

"Judging from historical patterns, the businesses likely to be at greatest risk are in many of the same sectors that were victimised by Iranian cyber-attacks between 2012 and 2014 and include banks and financial services, government departments, critical infrastructure providers, and oil and energy," wrote Levi Gundert, VP of threat intelligence at Recorded Future.

Iranian cyber-operations have long been administered through a tiered approach, using a trusted group of middle managers to translate intelligence priorities into segmented cyber-tasks. Those tasks are then bid out to multiple contractors, a system that pits contractors against each other for influence with the Iranian government. In addition, the Insikt Group analysed web traffic across prestigious academic institutions to find several activities of concern emanating from various registered ranges. 

These include allocated IP spaces of Iran's Cyberspace Research Institute, the Imam Hossein Comprehensive University and the Mabna Institute, which was publicly identified in an FBI indictment (pictured) as a front company engaged in hostile state-sponsored cyber-espionage.

Iran has a unique dynamic between trust and skill in selecting contractors to work for the Islamic Republic in accomplishing its offensive cyber-campaigns. 

However, "We believe that contractor selection for this response may favor speed and skill over trust and loyalty, resulting in the use of new or unproven contractors," said Gundert. 

"New or unproven contractor’s actions could result in a destructive attack with potentially wider impact than originally envisioned by the Iranian government."

"American businesses should be aware of Iran’s history and the likely response that these economic sanctions will trigger. Specifically, the financial services and energy industries should be preparing for the Iranian government’s response," said Gundert.

Infosecurity Magazine

You Might Also Read: 

Iran Likely To Retaliate With Cyberattacks:

Iranian Hackers Have Infiltrated US Infrastructure:


 

 

« Is the Pentagon Cloud Secure Enough to Hold Nuclear Secrets?
Preventing Another Wannacry »

Directory of Suppliers

Darktrace

Darktrace

Darktrace’s Enterprise Immune System is capable of detecting and responding to emerging cyber-threats, from within the network.

Obsidian Strategics

Obsidian Strategics

Obsidian products are enterprise-class devices supporting the InfiniBand secure data transmission protocol used in Supercomputer and HPC environments.

AlgoSec

AlgoSec

AlgoSec is the market leader for security network security policy management, enabling organizations to simplify and automate security operations.

ixAssociates

ixAssociates

ixAssociates is a UK based IT Integration business specialising in risk, compliance, eDefence, and network security solutions.

Exclusive Networks

Exclusive Networks

Exclusive Networks accelerate market entry and growth for innovative cybersecurity, networking and infrastructure technologies.

Verisign

Verisign

Verisign is a leader in Domain Names & Internet Security, providing protection for websites and enterprises around the world.

Cyber Security Labs

Cyber Security Labs

Cyber Security Labs is a high-tech startup with a focus on component-based development of high-assurance IT security technology

TestFort

TestFort

TestFort QA Lab is a specialized software testing company offering independent quality assurance and software testing services.

Research Institute in Science of Cyber Security (RISCS)

Research Institute in Science of Cyber Security (RISCS)

RISCS is focused on giving organisations more evidence, to allow them to make better decisions, aiding to the development of cybersecurity as a science.

National Cyber Security Centre Netherlands (NCSC-NL)

National Cyber Security Centre Netherlands (NCSC-NL)

The NCSC coordinates enhancing the cyber resilience of the Netherlands in the digital domain.

Avast Software

Avast Software

Avast Software is a security software company that develops antivirus software and internet security services.

Level 8

Level 8

Level 8 is a highly specialized Danish consulting company with network and security expertise.

Sentia

Sentia

Sentia is an IT and infrastructure firm, with focus on Outsourcing, IT operation and management, Hosting, Co-location, Network, and IT security.

Norwegian Information Security laboratory (NISlab)

Norwegian Information Security laboratory (NISlab)

NISlab conducts international competitive research in information and cyber security and operates study programs in this area.

MELANI (Reporting and Analysis Centre for Information Assurance)

MELANI (Reporting and Analysis Centre for Information Assurance)

MELANI is a Swiss Government funded body set up in 2004 to coordinate cyber security issues.