Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime

Sizing Up Impact of US Cyberattack Against Iran

New York Times: Database Used to Plot Attacks on Oil Tankers Wiped Out
Sizing Up Impact of US Cyberattack Against Iran
The U.S. reportedly waged a cyberattack against an Iranian database used to plot attacks against oil tankers.

The United States' June cyberattack against Iran wiped out a critical database used by the nation's paramilitary arm to plan attacks against oil tankers and at least temporarily degraded Iran's ability to covertly target Persian Gulf shipping traffic, the New York Times reports, citing unnamed "senior American officials."

See Also: OnDemand | Combatting Rogue URL Tricks: How You Can Quickly Identify and Investigate the Latest Phishing Attacks

The attack, which took place on June 20, targeted a database used in various operations by the intelligence division of the Islamic Revolutionary Guards Corps, which is Iran's main paramilitary force, according to the Times. Iranian officials are still working to recover data and restart some systems more than two months after the attack took place, the newspaper reports.

In May and June, Iran stepped up attacks against ships near its territorial waters, including mines that damaged Japanese and Norwegian vessels. But no tankers have been targeted in significant covert attacks since the June 20 cyber operation, although Iran seized a British tanker in retaliation for the detention of one of its own vessels, the Times reports, citing an unnamed senior U.S official.

The Times reports that the Trump administration saw the cyberattack as a proportional response to Iran shooting down an unmanned U.S. drone earlier this year.

Increasing Cyber Tensions

The June 20 attack was a critical component of an undeclared cyber conflict between the U.S. and Iran, senior officials told the Times, and it went forward even after President Trump called off a retaliatory airstrike the day after Iran shot down a U.S. drone.

Tom Kellermann, chief cybersecurity officer for Carbon Black and a former government cybersecurity adviser, says that the U.S. has cyber conflicts with other nation-states, including Russia, North Korea and China, but the tensions with Iran have intensified since the U.S. ended its nuclear agreement with the country and imposed new economic sanctions.

"There is a covert cyber conflict," Kellermann tells Information Security Media Group. "As a direct response to economic sanctions, Iran began attacking the U.S. with an 'A' team many months ago, and now it is evident that the U.S. is responding with persistent engagement. Geopolitical tension manifests in cyberspace."

In June, the U.S. Department of Homeland Security sent out an alert warning that Iran had increased its malicious cyber activity against the U.S, including so-called "wiper" attacks that render computers unusable (see: DHS: Conflict With Iran Could Spur 'Wiper' Attacks).

A few weeks later, U.S. Cyber Command issued a warning that attackers may try to exploit an older vulnerability in Microsoft Outlook to plant remote access Trojans or other types of malware within government networks. Some security experts suspect this activity is tied to an advanced persistent threat group known as APT33, which has ties to Iranian intelligence (see: US Cyber Command Warns of Outlook Vulnerability Exploits).

As a counter to some of this cyber activity, the Times reports that Cyber Command has stepped up its operations with the help of new congressional authority and an executive order giving the U.S. Defense Department more leeway to plan these types of operations.


About the Author

Scott Ferguson

Scott Ferguson

Former Managing Editor, GovInfoSecurity, ISMG

Ferguson was the managing editor for the GovInfoSecurity.com media website at Information Security Media Group. Before joining ISMG, he was editor-in-chief at eWEEK and director of audience development for InformationWeek. He's also written and edited for Light Reading, Security Now, Enterprise Cloud News, TU-Automotive, Dice Insights and DevOps.com.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.eu, you agree to our use of cookies.