FBI: Iranian Hackers Seek to Target U.S. Organizations

By Hank Russell

The Federal Bureau of Investigation (FBI) recently announced that Iranian-affiliated cyber actors may target U.S. devices and networks in an effort to conduct disruptive cyberattacks. This includes American defense companies which hold interests in or have a relationship with Israel, as well as poorly secured U.S. networks and Internet-connected devices.

“Iranian-affiliated cyber actors and aligned hacktivist groups often exploit targets of opportunity based on the use of unpatched or outdated software with known Common Vulnerabilities and Exposures (CVEs) or the use of default or common passwords on internet-connected accounts and devices,” the FBI said in a statement.

Among the tactics these actors use are automated password guessing, cracking password hashes with online resources and logging in with manufacturer default passwords. When they specifically target operational technology (OT), they also use system engineering and diagnostic tools against engineering and operator workstations, performance and security systems, and vendor and third-party maintenance and monitoring systems.
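The first two tactics leave a recognizable trail in authentication logs: many failures from one source against a single account (brute force), one source cycling through many accounts (password spraying), and any activity at all against vendor default accounts. The script below is an added example written for this article, not code from the FBI or the article's author; the simplified log format, the sample lines and the list of default account names are constructed assumptions, so adapt the regular expression and the list to the real devices and log source.

```python
"""Flag automated password guessing and default-credential activity in
authentication logs.  Added example, not from the FBI advisory or the article.
The log format and the default-account list are assumptions."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in a simplified syslog-like format (assumption).
SAMPLE_LOG = """\
2024-06-01T10:00:01 auth failed user=admin src=203.0.113.7
2024-06-01T10:00:02 auth failed user=admin src=203.0.113.7
2024-06-01T10:00:02 auth failed user=admin src=203.0.113.7
2024-06-01T10:00:03 auth failed user=admin src=203.0.113.7
2024-06-01T10:00:03 auth failed user=admin src=203.0.113.7
2024-06-01T10:00:04 auth failed user=admin src=203.0.113.7
2024-06-01T10:00:10 auth failed user=alice src=198.51.100.9
2024-06-01T10:00:11 auth failed user=bob src=198.51.100.9
2024-06-01T10:00:12 auth failed user=carol src=198.51.100.9
2024-06-01T10:00:13 auth failed user=dave src=198.51.100.9
2024-06-01T10:00:14 auth failed user=erin src=198.51.100.9
2024-06-01T10:00:15 auth failed user=frank src=198.51.100.9
2024-06-01T10:01:00 auth failed user=alice src=192.0.2.44
2024-06-01T10:01:30 auth ok user=alice src=192.0.2.44
2024-06-01T10:02:00 auth ok user=operator src=203.0.113.7
"""

LINE_RE = re.compile(r"^(\S+) auth (failed|ok) user=(\S+) src=(\S+)$")

# Account names commonly shipped as vendor defaults on OT and network gear.
# Illustrative list, an assumption for this example; use the real inventory.
DEFAULT_ACCOUNTS = {"admin", "root", "operator", "guest", "support", "service"}

WINDOW_SECONDS = 60     # sliding window for the brute-force rule
FAIL_THRESHOLD = 5      # failures from one source inside the window
SPRAY_MIN_USERS = 5     # distinct accounts tried from one source


def parse(log_text):
    """Yield (timestamp, result, user, src) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, result, user, src = m.groups()
            yield datetime.fromisoformat(ts), result, user, src


def analyze(log_text):
    """Return {source address: sorted list of finding tags}."""
    failures = defaultdict(list)   # src -> [(ts, user), ...]
    successes = defaultdict(set)   # src -> {user, ...}
    for ts, result, user, src in parse(log_text):
        if result == "failed":
            failures[src].append((ts, user))
        else:
            successes[src].add(user)

    findings = defaultdict(set)
    for src, events in failures.items():
        events.sort()
        # Brute force: any WINDOW_SECONDS span holding >= FAIL_THRESHOLD failures.
        start = 0
        for end in range(len(events)):
            while (events[end][0] - events[start][0]).total_seconds() > WINDOW_SECONDS:
                start += 1
            if end - start + 1 >= FAIL_THRESHOLD:
                findings[src].add("brute_force")
                break
        # Spraying: one source trying many distinct accounts.
        if len({u for _, u in events}) >= SPRAY_MIN_USERS:
            findings[src].add("password_spray")
        # Any failure against a default account is worth a look on its own.
        if any(u in DEFAULT_ACCOUNTS for _, u in events):
            findings[src].add("default_account_probe")

    # A default account that actually logs in needs no guessing at all, so
    # flag it regardless of whether any failures preceded it.
    for src, users in successes.items():
        hit = sorted(users & DEFAULT_ACCOUNTS)
        if hit:
            findings[src].add("default_account_login:" + ",".join(hit))

    return {src: sorted(tags) for src, tags in findings.items()}


if __name__ == "__main__":
    for src, tags in analyze(SAMPLE_LOG).items():
        print(src, tags)
```

On the constructed sample, 203.0.113.7 is flagged for brute force against `admin` and for a later successful `operator` login, and 198.51.100.9 for spraying six accounts; the single failed and then successful login for `alice` from 192.0.2.44 produces no finding. The thresholds are deliberately conservative and should be tuned per environment, and the default-account rules only work if the list reflects the devices actually deployed.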

“Over the past several months, Iranian-aligned hacktivists have increasingly conducted website defacements and leaks of sensitive information exfiltrated from victims,” the FBI stated. “These hacktivists are likely to significantly increase distributed denial of service (DDoS) campaigns against U.S. and Israeli websites due to recent events.”

Between November 2023 and January 2024, during the Israel-Hamas conflict, cyber actors aligned with the Iranian Islamic Revolutionary Guard Corps (IRGC) targeted and compromised Israeli-made programmable logic controllers (PLCs) and human-machine interfaces (HMIs). Victims included organizations in the U.S. water and wastewater, energy, food and beverage manufacturing, and healthcare and public health sectors.

When the conflict began, Iranian-affiliated cyber actors broke into companies’ websites, stole their data and leaked it online. They also posted anti-Israel, pro-Iran content on social media and sent threats and harassing messages through direct messaging. The victims suffered financial losses and reputational damage.

But Ed Eisenstein, the chief executive officer of United Network Associates, Inc., an IT and cybersecurity management firm based in Farmingdale, said these attacks go back years. He cites Operation Ababil from 2012 to 2013, when the Izz ad-Din al-Qassam Cyber Fighters, a group tied to Iran, launched DDoS attacks on major U.S. banks and the New York Stock Exchange, temporarily disrupting their services.

Other Iran-linked groups and campaigns, including Charming Kitten, Rocket Kitten, Elfin, Operation Newscaster and the Qassam Cyber Fighters, exploited security lapses in websites, sent fraudulent emails to obtain sensitive information and distributed false news stories. These groups mostly targeted the U.S. defense, aerospace, energy, military and petrochemical sectors and think tanks.

“International cyber warfare is on the rise and has been an effective form of manipulation for a number of years,” Eisenstein said. “Known weaknesses in American infrastructure make cyberattacks more effective in disrupting everyday life for Americans. A serious effort needs to be made to secure and harden the American road, water, flight and supply chain to minimize the effects of a disruption.”