Iran, like others, has recently focused on moving upstream by compromising telecoms and travel. That way they can identify and track specific people. These operations put people in physical danger, especially in terrorism scenarios. 2/x https://www.fireeye.com/blog/threat-research/2019/01/apt39-iranian-cyber-espionage-group-focused-on-personal-information.html
Some of this activity has been enabled by DNS shenanigans, which was a leap forward for their operations. This report discusses those operations as well as some we attribute to SeaTurtle, another actor. 3/x https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
Of course these actors will also be conducting cyber espionage on government and military targets now. We saw a spike in activity during tensions last summer that NSA publicly indicated was probably designed to understand policy maker thinking. 4/x https://www.cyberscoop.com/nsa-iran-cyber-operations-david-hogue/
Another facet of the Iranian cyberthreat is the cyberattack (disruptive/destructive) capability posed by Iran. Will they cripple our society? I highly doubt it. Could they score some major blows against individual companies and maybe even the US sense of security? Absolutely. 5/x
This is one area where they enjoy a real asymmetric advantage. The US' vastly technically superior intelligence/military capability won't be absorbing cyberattacks from Iran. It will be our incredibly complex, technology-reliant economy. Even if only individual participants. 6/x
There's plenty of history of Iranian attacks in the US. Financial sector and other businesses were hit with disruptive and destructive attacks. I was also very concerned with a massive critical infrastructure probing effort called Operation Cleaver. 7/x https://www.cylance.com/content/dam/cylance/pdfs/reports/Cylance_Operation_Cleaver_Report.pdf
Iran seemed to refocus these efforts in-region after JCPOA, carrying out spate after spate of destructive attacks. ZeroCleare is a tool they have recently leveraged in this manner. 8/x https://securityintelligence.com/posts/new-destructive-wiper-zerocleare-targets-energy-sector-in-the-middle-east/
For my money, the most disconcerting development in Iranian cyber attack capability has been targeting of the ICS supply chain. Russia and North Korea proved you want to drop on systems simultaneously for maximum destructive effect. 9/x https://www.wired.com/story/iran-apt33-industrial-control-systems/
It's important to remember that you usually can't just carry out these attacks overnight. It takes time to dig in. For years, we've seen an effort to dig in to critical infrastructure in the Middle East. Those options may already be on the shelf and held in reserve. 10/x
It will be interesting to see if there's an effort to probe US domestic critical infrastructure in light of events. That may serve as a warning. As things were getting rather tense with North Korea, we found an early effort to probe US infrastructure. 11/x https://www.fireeye.com/blog/threat-research/2017/10/north-korean-actors-spear-phish-us-electric-companies.html
One way to wrap your head around this problem is to consider the ransomware incidents we've seen of late. Ransomware with no hope of ransom is just destructive malware. Our recent experiences, especially with respect to municipal and transit targets, should be a guide. 12/x
Last, but not least, we are already seeing Iran ramp up disinformation related to this situation. Iran has a maturing, increasingly complex disinformation capability that we first identified. 13/x https://www.fireeye.com/blog/threat-research/2018/08/suspected-iranian-influence-operation.html