Written by Casey Parks, CNN
A group of Iranian hackers is said to have carried out a major cyber attack on western companies, using compromised Microsoft servers to disrupt operations and steal large amounts of data.
The hack, uncovered by security researchers, is said to have started in May 2015 and targeted IBM, Cisco, Target, Shell and Google. According to a report by the security firm Mandiant, the hackers could have received over $1 million USD in profits from their attack on Shell.
“The hacking group used a very clever strategy that created a number of false connections between their infected network (dedicated servers) and other infrastructure,” read the report.
CNN’s Prachi Pinglay reports on the potential damage and damage control that might come with data breaches.
The attack sought to disrupt operations by, for example, causing Web servers to be unresponsive or limiting the availability of a site. The attack worked by exploiting flaws in Microsoft server software.
The hackers also took advantage of vulnerabilities in the machines’ BIOS, the firmware that controls the operating system, so that the system did not detect the attacks as they took place.
The report follows on the heels of two other research studies — one by Israeli computer security firm Cylance in 2015, and the other by Google — which have said Iran has developed and deployed hacking methods to conduct “espionage on industrial control networks (ICS-CERT).”
After the reports were published, the US government stepped up security at the country’s critical infrastructure, including power plants, hospitals and transportation networks.
A May 2016 National Security Council report on cyberthreats noted that Iran is interested in “advanced attacks” and “transparent network breaches,” similar to the ones used against Western companies.
However, Iranian President Hassan Rouhani denied Iranian officials were involved in attacks on Western companies.
This represents a change in strategy for Iran, which had previously been accused of hijacking US systems.
In September 2015, Iran’s cyber wing, the Cyber Army Organization, carried out a “spear phishing” attack to gain access to government computers. The group was later found to have been in talks with Russian hackers, according to a report from a think tank in Warsaw, Poland.