Iranian hackers have broken into the systems of airlines, hospitals, universities, defence contractors, energy companies, telecommunications firms and government agencies around the world over the last two years, stealing confidential security documents in the process.
Researchers at cybersecurity firm Cylance revealed other types of compromised information included employee details - such as schedules and ID card data - plus PDFs of airport security systems and measures.
Systems in as many as 50 companies in 16 countries were infiltrated in the attacks, and it's fear they could have compromised national security in countries including Canada, China, England, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey, United Arab Emirates and the United States.
"Ten of these victims are headquartered in the US and include a major airline, a medical university, an energy company specialising in natural gas production, an automobile manufacturer, a large defense contractor, and a major military installation," Cylance said in its report, entitled Operation Cleaver.
"We believe that if the operation is left to continue unabated, it is only a matter of time before the team impacts the world's physical safety."
It's thought the hackers were part of a Tehran-based group that performed a cyber attack on the US Navy's network last year, but Iranian officials denied the country was responsible for the hacks.
Hamid Babaei, head of the press office in the Mission of the Islamic Republic of Iran to the United Nations told Reuters: "This is a baseless and unfounded allegation fabricated to tarnish the Iranian government image, particularly aimed at hampering current nuclear talks."
Cylance didn't reveal how the attackers managed to hack into systems, but it's thought they used malware to get access to employee records and then used these identities to siphon off other confidential documents.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
300 days under the radar: How Volt Typhoon eluded detection in the US electric grid for nearly a yearAnalysis Lengthy OT lifespans give attackers time to penetrate networks underpinning critical infrastructure and plan future disruption
-
The business value of Zscaler Data ProtectionWhitepaper Understand how this tool minimizes the risks related to data loss and other security events
-
Why your business needs zero trustWhitepaper How zero trust can right the wrongs of legacy security architecture
-
Definitive guide to ransomware 2023Whitepaper A guide to help rethink your defence against ransomware threats
-
Why Fulham FC’s geography makes running IT so challengingCase Study Fending off cyber criminals and keeping equipment updated on match days is more difficult than you might think
-
Hardware security and confidential computing in server platformswhitepaper Computing security is central to IT infrastructure transformation
-
Capita cyber attack could cost firm up to $25 million in feesNews Capita’s costs in the wake of a cyber attack could exceed expectations, experts have warned
-
Capita finally admits breach affecting 4% of its servers
News It also allegedly misled the public about when the breach took place
