Major cyber attack on key UK infrastructure – Iran blamed
Incidents of cyber attack, data theft or just plain hacking are so often reported in the news these days that they are now viewed as an expected hazzard in the internet age. And this week is no exception, as this story illustrates…
A major cyber attack on key UK infrastructure is being blamed on Iran, following a wave of cyber assaults targeting various parts of the UK’s national infrastructure during the run up to Christmas 2018.
A number of private sector companies, including banks were also compromised in what has been described as an “ongoing” campaign. Sky News has learnt that the Post Office and local government networks were both hit in coordinated attacks on 23 December.
The National Cyber Security Centre said it was “aware of a cyber incident affecting some UK organisations in late 2018” and that it was “working with victims and advising on mitigation measures”. Personal details belonging to thousands of employees were stolen, including the email address and mobile phone number of Post Office CEO Paula Vennells.
Cyber security experts in California have concluded that a group with connections to the Iranian Revolutionary Guard was responsible for this attack, as well as the attack on the UK’s parliamentary network in 2017. Sky News has seen the 10,204 data records that were stolen from the parliament global address lists during that attack including addresses, company positions and phone numbers.
The mobile phone numbers of at least 10 peers and MPs were among the compromised data. Lewis Henderson, vice-president of threat intelligence at cyber security company Glasswall, said the data could be used to start a deeper attack…
As we’ve seen, you can do anything… influence elections, in particular. You can start to impersonate people within that government as well and be utterly convincing, …The levels of trust that the global address list puts in place is completely eroded once you’ve lost that information, once it’s out there in the hands of the attackers. …We know that they could be impersonating members of our own government and starting to alter and disrupt communications.
Sky News has informed British security services of the findings, and although they haven’t publicly confirmed Iran’s involvement, four separate security sources say they believe it to be accurate.
It is further confirmation that Iran is engaged in an ongoing cyber campaign against the West after nine key leaders and affiliates of a group called The Mabna Institute were indicted by the FBI in February 2018. The Mabna Institute is linked to the Iranian government. The charges included aggravated access to computer systems, wire fraud and stealing proprietary data.
The FBI said that victims of the group included approximately 144 US universities, 176 foreign universities in 21 countries, two international NGOs, five federal and state agencies in the US, and 11 private foreign companies.
It is understood the group was reorganised following those indictments, but continues to operate in a splintered form and now includes hackers from Lebanon, Palestine and Syria. Emily Orton, co-founder of the cyber firm Darktrace, says the problem is severe, commenting:
We’re in the Wild West of hacking at the moment. If you speak to any of the critical infrastructure providers in this country or any other, you will see that they are dealing with attacks like this pretty much on a daily basis.
Last month, at the Munich Security Conference in Germany, Iran was described by one European intelligence chief as being a major cyber threat to the West, third only in its behaviour to Russia and China.
Meanwhile, last week, 99 websites used by Iranian hackers to launch cyberattacks were seized by Microsoft after the tech firm took a hacking group to court. Microsoft said the group, who it calls Phosphorus and others call APT35, has tried to steal sensitive information from activists, journalists and others in the Middle East.
Sources and credits: Sky News