Attacks initiated from IP addresses from Iran

Dec 15, 2014 10:49 GMT

A confidential document from the Federal Bureau of Investigation (FBI) has been sent to different businesses in the US, warning them that cyber-attacks originating from Iran may be targeting them.

The list of entities the operation targeted seems to indicate a cyber-espionage campaign that could also count service disruption among its goals.

Trail of evidence points to Iran

The report from the FBI has been seen by Reuters, which says that it made available technical details about the malicious software along with recommendations to prevent a successful cyber-attack.

At the beginning of December, threat detection, protection and response company Cylance published an extensive report about a cyber operation they called Cleaver, whose objectives were infiltration of critical infrastructure entities around the world.

Based on the analysis of the malware and the campaign, Cylance believes it to be carried out by Iranian actors sponsored by the government. Plenty of evidence led to this conclusion, such as Persian hacker names, infrastructure, and external IP addresses of the tools used, all pointing to Iran.

The document from the FBI also says that the attacks are launched from Iranian IP addresses, although no attribution to the Iranian government is made.

Reuters says that the warning is for the same operation uncovered by Cylance and it also provides information relating to the methods used by the attackers to achieve their goal. Businesses believing they are victims of the Cleaver operation have been asked to contact the FBI.

Operation Cleaver may be more widespread than initially thought

More than 50 victims have been identified by the security response company, which believes that the operation started in 2012. They found compromised machines in countries such as Canada, China, England, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey, United Arab Emirates, and the US.

However, the warning from the FBI may indicate a larger campaign, at least as far as US businesses are concerned.

The report from Cylance says that Operation Cleaver has at least 20 hackers and developers behind it, working on projects that align with Iran’s interests.

The reaction from Iran came soon after the company made its findings public and it was to refute all evidence. “This is a baseless and unfounded allegation fabricated to tarnish the Iranian government's image, particularly aimed at hampering current nuclear talks,” said Hamid Babaei, spokesman for Iran's mission to the United Nations.
