U.S. Says Chinese, Iranian Hackers Seek to Steal Coronavirus Research
Gordon Lubold and Dustin Volz
WSJ, May 14, 2020
Chinese hackers are targeting American universities, pharmaceutical, and other health-care firms in a bid to steal intellectual property related to coronavirus treatments and vaccines, and the intrusions may be jeopardizing progress on medical research, U.S. officials said in an alert Wednesday.
The alert came as U.S. officials charge that China and Iran since at least Jan. 3 have waged cyberattacks against American firms and institutions that are working to find a vaccine for Covid-19, the disease caused by the coronavirus, officials said.
The attacks have raised the prospect among some officials that the efforts could be viewed by the Trump administration as a direct attack on U.S. public health, they said, because the attacks may have hindered vaccine research in some cases. Such an interpretation would represent an escalation of how the U.S. government views cyberattacks against the country.
In the alert Wednesday, the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency, the cyber wing of the Department of Homeland Security, said that Chinese-affiliated “cyber actors and nontraditional collectors” had been identified attempting to steal intellectual property and public-health data related to research on Covid-19 vaccines, treatments, and testing.
The alleged activity posed a significant threat to the U.S. response to the new coronavirus, the alert said. “The potential theft of this information jeopardizes the delivery of secure, effective, and efficient treatment options,” it added.
Wednesday’s alert didn’t identify hacking victims and didn’t explain how officials have arrived at their conclusion of Beijing’s responsibility in coronavirus-related espionage against the U.S. Additional technical information about the hacking operations may be released in the coming days, the alert said.
The alert didn’t mention Iran, but administration officials also have cited intelligence that they said suggests Tehran or its proxies have been targeting some of the same types of facilities. The administration officials said one technique Iran has favored is so-called password spraying, a relatively unsophisticated hacking technique that attempts to compromise an organization by rapidly guessing common account-login passwords.
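The spraying pattern described above (a few common passwords tried against many accounts, so no single account trips a lockout) has a distinctive defender-side signature: one source failing against many distinct usernames in a short window with very few attempts each. The following detector is an added example, not code from the article or from any agency named in it; the sshd-style log format, the sample lines and the thresholds are all assumptions for illustration.

```python
# Added example (not from the article): flag password spraying in auth logs.
# A spray tries a few common passwords against many accounts, so per-account
# lockouts never trip; the signal is one source failing against many distinct
# usernames in a short window, few attempts each. Sample log is constructed.
import re
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2020-05-13T09:00:01 sshd: Failed password for alice from 198.51.100.7
2020-05-13T09:00:03 sshd: Failed password for bob from 198.51.100.7
2020-05-13T09:00:05 sshd: Failed password for carol from 198.51.100.7
2020-05-13T09:00:07 sshd: Failed password for dave from 198.51.100.7
2020-05-13T09:00:09 sshd: Failed password for erin from 198.51.100.7
2020-05-13T09:01:00 sshd: Failed password for alice from 203.0.113.9
2020-05-13T09:01:02 sshd: Failed password for alice from 203.0.113.9
2020-05-13T09:01:04 sshd: Failed password for alice from 203.0.113.9
2020-05-13T09:01:06 sshd: Failed password for alice from 203.0.113.9
2020-05-13T09:02:00 sshd: Accepted password for grace from 192.0.2.4
"""
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: Failed password for (?P<user>\S+) from (?P<src>\S+)$")

def parse_failures(text):
    """Yield (timestamp, user, source) for each failed-login line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["user"], m["src"]

def detect_spray(text, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Return {source: distinct_users} for sources whose failures inside any
    `window` hit >= min_users accounts with <= max_per_user tries each;
    a brute force on one account (many tries, one user) is not flagged."""
    by_src = defaultdict(list)
    for ts, user, src in parse_failures(text):
        by_src[src].append((ts, user))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        for i, (start, _) in enumerate(events):  # slide window over events
            hits = defaultdict(int)
            for ts, user in events[i:]:
                if ts - start > window:
                    break
                hits[user] += 1
            if len(hits) >= min_users and max(hits.values()) <= max_per_user:
                flagged[src] = len(hits)
                break
    return flagged
```

On the constructed sample, only 198.51.100.7 is flagged (five accounts, one try each); the repeated failures against a single account from 203.0.113.9 are left to ordinary lockout rules.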
Among Iran’s recent targets, according to cybersecurity researchers, was the pharmaceutical company Gilead Sciences Inc., which has produced the antiviral drug remdesivir that was recently given emergency-use authorization by the Food and Drug Administration as a potential Covid-19 treatment.
U.S. officials said the effects of China and Iran’s attacks on efforts to find a vaccine are difficult to quantify, and they declined to provide evidence or to detail the intelligence on which their assessments were based. Intelligence gleaned by the administration in recent weeks formed the basis of the assessments, officials said.
Administration officials said China was the primary adversary conducting cyberattacks amid the coronavirus outbreak, with its attacks more widespread and frequent. The attacks themselves have been disruptive, undermining the efforts of American research institutions and firms trying to find a vaccine for Covid-19, officials said. It wasn’t clear if the damage to some of the research was intentional, officials said, likening such instances to a house burglar who by cleaning his own fingerprints causes inadvertent damage to the home. … [To read the full article, click the following LINK – Ed.]
Hackers Join Forces Against U.S. And Israeli Targets: This Is What an Iranian Cyber Attack Looks Like In 2020
Forbes, Feb. 17, 2020
Ever since the 2010 Stuxnet worm attack on the Natanz nuclear plant that was eventually attributed to the U.S. and Israeli governments, Iran has been taking “cyber” seriously. Although the notion of Iran initiating a cyberwar scenario has been largely dismissed, there has been no shortage of cyber muscle-flexing from the Iranian regime. While the cyber-attack that took down 25% of the Iranian internet on February 8 has not been attributed to U.S. threat actors, let alone state-sponsored ones, it is unlikely to calm the anti-West cyber-rhetoric. Or, indeed, the cyber-espionage campaigns originating out of Tehran. Much of this activity is aimed at the U.S. and Israel, and much of it has been attributed to state-sponsored hacking groups. Newly published research has now revealed that an ongoing Iranian offensive campaign, active for the last three years, is likely the result of some of these so-called Advanced Persistent Threat (APT) groups working together.
The fictional James Bond character became famous for his range of, frankly, quite ridiculous technological aids, from the cigarette gun in Casino Royale to the tracking nanoparticles injected into Bond’s bloodstream in Spectre. Back in the real world, state-sponsored espionage has increasingly relied upon far-from-fictional technologies. I recently reported how the CIA enabled the U.S. to spy upon more than 100 foreign governments across decades by secretly building backdoors into the encryption equipment they used. Iranian state-sponsored hackers have not had the luxury of such near-ubiquitous infiltration, nor are they traditionally thought to be that advanced when compared to their Chinese or Russian contemporaries. However, that hasn’t prevented Iranian hacker groups from conducting highly successful cyber-espionage campaigns.
Fox Kitten espionage campaign has been active for three years
The ClearSky research team has published a report that reveals how an Iranian espionage campaign, targeting various industry sectors in both the U.S. and Israel, has been ongoing for the last three years. The “Fox Kitten” campaign, as the researchers have tagged it, enabled the Iranian offensive hackers to succeed in gaining both access to, and a persistent foothold within, numerous networks belonging to organizations in the aviation, government, IT, oil and gas, security and telecommunications sectors. … [To read the full article, click the following LINK – Ed.]
How Iran’s Military Outsources its Cyberthreat Forces
Times of Israel, June 22, 2020
In the wake of the US killing of a top Iranian general and Iran’s retaliatory missile strike, should the US be concerned about the cyberthreat from Iran? Already, pro-Iranian hackers have defaced several US websites to protest the killing of General Qassem Soleimani. One group wrote “This is only a small part of Iran’s cyber capability” on one of the hacked sites.
Two years ago, I wrote that Iran’s cyberwarfare capabilities lagged behind those of both Russia and China, but that it had become a major threat which would only get worse. It had already conducted several highly damaging cyberattacks. Since then, Iran has continued to develop and deploy its cyber attacking capabilities. It carries out attacks through a network of intermediaries, allowing the regime to strike its foes while denying direct involvement.
Islamic Revolutionary Guard Corps-supported hackers
Iran’s cyberwarfare capability lies primarily within Iran’s Islamic Revolutionary Guard Corps, a branch of the country’s military. However, rather than employing its own cyberforce against foreign targets, the Islamic Revolutionary Guard Corps appears to mainly outsource these cyberattacks.
According to the cyberthreat intelligence firm, Recorded Future, the Islamic Revolutionary Guard Corps uses trusted intermediaries to manage contracts with independent groups. These intermediaries are loyal to the regime, but separate from it. They translate the Iranian military’s priorities into discrete tasks, which are then auctioned off to independent contractors. Recorded Future estimates that as many as 50 organizations compete for these contracts. Several contractors may be involved in a single operation.
Iranian contractors communicate online to hire workers and exchange information. Ashiyane, the primary online security forum in Iran, was created by hackers in the mid-2000s in order to disseminate hacking tools and tutorials within the hacking community. The Ashiyane Digital Security Team was known for hacking websites and replacing their home pages with pro-Iranian content. By May 2011, Zone-H, an archive of defaced websites, had recorded 23,532 defacements by that group alone. Its leader, Behrouz Kamalian, said his group cooperated with the Iranian military but operated independently and spontaneously. … [To read the full article, click the following LINK – Ed.]
Ex-Mossad Official: Iran Nuke Submarine Idea Cover for Uranium Enrichment
Yonah Jeremy Bob
Jerusalem Post, Apr. 20, 2020
Iran’s recent rumblings about developing a nuclear submarine are a cover for its desire to start enriching uranium at higher levels, former Mossad official Sima Shine said on Monday. Speaking as part of a videoconference organized by the Institute for National Security Studies (INSS), where she is currently a lead expert on Iran, she noted that the Islamic Republic has mentioned the possibility of developing a nuclear submarine before.
However, enriching uranium to higher levels could bring Supreme Leader Ayatollah Ali Khamenei significantly closer to a nuclear weapon. To date, Iran has violated the 2015 nuclear deal limits on uranium enrichment but has not enriched above the 5% level. The 20%, 60%, and eventually 90% levels must be crossed before the uranium can be weaponized. Enriching to the 20% level might already trigger greater threats from the US and Israel.
Shine explained that the engine of a nuclear-powered submarine “needs higher enrichment levels [of uranium] and very few [world] powers can do it. But they are paving the way to provide civilian-use justifications for why they would need to increase their enrichment levels.”
In other words, she suggested that even if Tehran failed to develop a nuclear submarine – expertise which may be beyond its reach – it could use the possibility of trying to develop one as a legal basis for enriching uranium to high levels. In this scenario, Iran could try to convince the IAEA and the EU that it was not seeking a nuclear weapon and could, therefore, try to get them to pressure Israel and the US to tolerate nuclear advancement.
Former IDF chief-of-staff and INSS fellow Gadi Eisenkot also spoke, noting that Iran has been hit hard by the coronavirus crisis in all of its efforts to assert regional hegemony and to develop its nuclear weapons program. Eisenkot especially pointed to a reduction of Tehran’s influence over Gaza due to an increasingly squeezed economy, forcing it to limit how much financial support it can grant terror groups there.
The former IDF chief said this could offer an opening to Israel and the US to encourage moderate Sunni Arab states to be more involved in the Gaza situation and to help strengthen any more moderate elements there.
Former IDF intelligence chief and current INSS Executive Director Amos Yadlin said that the Islamic Republic had not changed its major long-term strategic goals during the corona crisis, but had shifted its short-term tactics. He described Iranian efforts to achieve a nuclear weapon and regional hegemony as being ongoing but said that in the short term, while enduring extreme economic and other damage courtesy of the coronavirus, those efforts have temporarily been slowed.
In particular, he noted that Tehran has slowed its efforts to make trouble in Syria and Lebanon, though he warned that the mullahs were likely on the lookout for unexpected openings to shake things up going forward. … [To read the full article, click the following LINK – Ed.]
For Further Reference:
National Cyber Unit Warns of Incoming Iranian, Anti-Israel Cyberattack: Yonah Jeremy Bob, Jerusalem Post, May 13, 2020 — The Israel National Cyber Directorate (INCD) issued a warning on Wednesday that Iran and other anti-Israel activists were expected to stage a series of cyber-attacks on Israel during the May 14-22 period commemorating Iran’s Jerusalem Day.
Scoop: Israeli Security Cabinet Held Secret Meeting on Unusual Iranian Cyberattack: Barak Ravid, Axios, May 9, 2020 — The Israeli security cabinet held a top secret meeting on Thursday to discuss a highly unusual Iranian cyberattack against Israeli civilian water infrastructure that took place two weeks ago, Israeli officials tell me.
ClearSky CEO Explains How it Foiled Iranian Hack of Gilead: Joshua Robbin Marks, The Medialine, May 13, 2020 — The Islamic Republic of Iran has been hit hard by COVID-19. It ranks 10th worldwide in coronavirus cases, at 112,725, with 6,783 fatalities, according to Wednesday’s update from the Johns Hopkins coronavirus tracker.
Chinese and Iranian Hackers Targeting US Universities, Healthcare Firms amid Coronavirus Vaccine Research: Reports: Chris Irvine, Fox News, May 13, 2020 — American universities, pharmaceutical and other healthcare firms are being targeted by Chinese and Iranian hackers in the midst of the coronavirus crisis, according to reports.
Trump Says he told Navy to ‘Destroy’ Iranian Boats Harassing U.S. Ships: Lara Seligman, Politico, Apr. 22, 2020 — President Donald Trump abruptly tweeted early Wednesday that he has directed the Navy to fire upon Iranian “gunboats” that “harass” U.S. ships in a new sign of heightened tensions between Washington and Tehran.