Iranian computers hacked

Computer screens across the world were reportedly hacked in a number of countries including Iran. The Iranian data centres were hacked.

The hackers reportedly left behind an image of the American flag and also published the message: “Don’t mess with our elections.” The Iranian government has since confirmed the cyber breach.

Background

The United States and Iran do not have formal diplomatic relations and share an acrimonious relationship. In 1953, the CIA played a key role in orchestrating a coup against Iran's democratically elected Prime Minister, Mohammad Mossadeq. Between 1979 and 1981, a group of Iranian students belonging to the Muslim Student Followers of the Imam's Line took over the U.S. Embassy in Tehran. The 44 hostages were released after 444 days. In 2002, US President George W. Bush described Iran as being part of the “axis of evil.”

In 2011, Iran captured an American Lockheed Martin RQ-170 Sentinel unmanned aerial vehicle (UAV). The nation announced that the vehicle had been brought down in northeastern Iran. At first, the US denied that the vehicle belonged to it. However, Iran maintained that it had captured the UAV through its cyberwarfare unit. Iran also lodged a formal complaint with the UN, arguing that the vehicle had violated its airspace. Then-US President Barack Obama acknowledged that the shot-down vehicle belonged to the US and requested that it be returned. Iran dismissed the request. Iran has claimed that it was able to decipher decoded messages from the captured drone.

Relations between the US and Iran deteriorated further in 2017. US President Donald Trump has repeatedly criticized the nuclear deal struck by the P5+1 and Iran. He has argued that the deal should be cancelled and sanctions on the country restored. The US also imposed new sanctions on Iran in 2017. Iran has stated that it will respond “intelligently” to US sanctions.

Cyber attack

A cyber threat is a type of offensive maneuver that results in an unforeseen disruption of a computer network or system, and this disruption could end up damaging these networks. A cyberattack is one orchestrated by malicious players, including nation-states, individuals, groups or organizations, that targets computer information systems.

Analysis

In recent years, a number of cyber attacks on individual organizations like Sony Pictures have been traced back to malicious players in nations like North Korea. In 2016, Russia was accused of running a disinformation campaign against US Presidential candidate Hillary Clinton. The emails of the Democratic National Party were also hacked and released by Wikileaks. The personal emails of French President Emmanuel Macron (before the election) were also hacked and released.

According to Iranian authorities, thousands of computers in Iran were compromised as a result of this hack. Iran's IT Minister Mohammad Javad Azari-Jahromi said it was not yet clear who had carried out the attack. "Some 55,000 devices were affected in the United States and 14,000 in China, and Iran's share of affected devices was 2 percent," Azari-Jahromi was quoted as saying.

"The attack apparently affected 200,000 router switches across the world in a widespread attack, including 3,500 switches in our country," the Communication and Information Technology Ministry said in a statement carried by Iran's official news agency IRNA.

A blog post published on Thursday by Nick Biasini, a threat researcher at Cisco's Talos Security Intelligence and Research Group, said: "Several incidents in multiple countries, including some specifically targeting critical infrastructure, have involved the misuse of the Smart Install protocol... As a result, we are taking an active stance, and are urging customers, again, of the elevated risk and available remediation paths."

Assessment

Our assessment is that it is very critical that we focus on the intent and try to understand what it really means. As we have written before, cyber threats go way beyond networks and hence any threat mitigation strategy must also look at attack vectors outside networks.
