The Trump administration indicted members of an Iranian hacker network on Friday, claiming that the group was responsible for “one of the largest state-sponsored hacking campaigns” the U.S. has prosecuted.
Officials said the hackers allegedly targeted dozens of U.S. universities, companies and government agencies—as well as the United Nations—and stole around 31 terabytes of data and intellectual property from entities worldwide.
The group was allegedly hired by the Iranian Revolutionary Guard Corps (IRGC), a small division of Iran’s military tasked with defending the country’s Islamic Revolution. The IRGC is controlled by Tehran’s most hardline religious leaders, and often collects information on foreign entities. Nine of the 10 people named in the indictment were connected to the Mabna Institute, an Iranian tech firm that allegedly hacks on behalf of the IRGC.
Iranian hackers have often been viewed as less skilled and less tenacious than hackers from countries like China and Russia. But Friday’s indictment, together with recent research, suggests that this is changing quickly.
“They’re more sophisticated than the other players,” Robert Katz, executive director of the Cyber Science Institute, told Newsweek.
“They had a major coordinated attack that did damage to our financial institutions on Wall Street. That was 2012, that was before we saw Russia being organized. Shortly after that, they had a physical attack against Saudi Aramco. They destroyed computers and turned them into paperweights,” Katz described.
“All of those are very sophisticated compared to all of the unsophisticated stuff we’ve seen from North Korea and the outright silly stuff we’ve seen from Russia. The Russia stuff was just a basic phishing attack,” Katz continued. Iranian hackers also attacked a U.S. dam in 2016, an attack officials at the time called “a frightening new frontier of cybercrime.”
[Photo caption: A Department of Justice employee put up a poster of the seven indicted hackers prior to a news conference announcing a law enforcement action on March 24, 2016, in Washington, D.C. Credit: Alex Wong/Getty Images]
China, North Korea, Iran and Russia are among the world’s biggest state sponsors of cyber attacks. But experts say that only Chinese hackers steal more intellectual property than Iranian hackers. Russian hackers, meanwhile, are often easy to track.
Reports suggest that Iran, however, has developed a sophisticated network of hackers who are skilled and trained in cyberespionage, and who often go undetected.
A report released in January by the Carnegie Endowment for International Peace claimed that cyber incidents involving Iran have been among the most sophisticated and costly in the history of the Internet.
“Offensive cyber operations have become a core tool of Iranian statecraft, providing Tehran less risky opportunities to gather information and retaliate against perceived enemies at home and abroad,” the report stated, adding that the hackers often work on behalf of Iran’s Ministry of Intelligence or the IRGC.
“Though Iran is generally perceived as a third-tier cyber power—lacking the capabilities of China, Russia, and the United States—it has effectively exploited the lack of preparedness of targets inside and outside Iran,” the report continued.
Russian hackers have garnered a lot of attention over the past year, especially in the wake of the 2016 hack of the Democratic National Committee by hackers believed to be affiliated with the Russian government. But this has drawn attention away from Iranian hackers. Some cybersecurity experts say the decision to target Iranian hackers demonstrates that the U.S. government is starting to take the threat seriously.
“A country such as Iran can gain through intellectual property cyber theft what it could never develop through its own investments, years of development, and human knowledge and expertise. The country can gain the cyber espionage expertise through an ecosystem of ‘hackers for hire’ willing to steal on Iran’s behalf for a fee,” Steve Grobman, chief technology officer for the cybersecurity firm McAfee, told Newsweek.
“At its most basic level, the theft of intellectual property is a theft of the future. It’s a theft of future national security, future business for companies, future wealth for a nation’s communities, future high paying jobs and future standards of living for a nation’s citizens,” Grobman continued.
This isn’t the first time the U.S. government has indicted foreigners in response to cyber attacks. Special counsel Robert Mueller indicted 13 Russian operatives and three entities—including the notorious Internet Research Agency—for meddling in the 2016 U.S. election, and the Obama administration indicted members of China’s military in response to attacks on U.S. companies by Chinese state-sponsored hackers. The U.S. also indicted seven Iranian hackers in 2016 for cyber attacks on a dam and several banks.