
posted by Fnord666 on Monday January 13 2020, @01:49PM
from the lights-out dept.

Iranian Hackers Have Been 'Password-Spraying' the US Grid:

In the wake of the US assassination of Iranian general Qasem Soleimani and the retaliatory missile strike that followed, Iran-watchers have warned that the country could deploy cyberattacks as well, perhaps even targeting US critical infrastructure like the electric grid. A new report lends some fresh details to the nature of that threat: By all appearances, Iranian hackers don't currently have the capability to start causing blackouts in the US. But they've been working to gain access to American electric utilities, long before tensions between the two countries came to a head.

On Thursday morning, industrial control system security firm Dragos detailed newly revealed hacking activity that it has tracked and attributed to a group of state-sponsored hackers it calls Magnallium. The same group is also known as APT33, Refined Kitten, or Elfin, and has previously been linked to Iran. Dragos says it has observed Magnallium carrying out a broad campaign of so-called password-spraying attacks, which guess a set of common passwords for hundreds or even thousands of different accounts, targeting US electric utilities as well as oil and gas firms.
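The distinguishing shape of password spraying, as described above, is many accounts with only a few failures each, all from the same source, rather than many failures against one account. The following Python script is an added example (not from Dragos' report or from the original article) that shows how a defender can separate the two patterns in authentication logs. It parses constructed sshd-style log lines (the hostnames, usernames and addresses are made up for illustration), groups failures by source address, and flags a source as spraying when it touches at least `min_accounts` distinct accounts inside a sliding time window; the thresholds and window are assumptions to be tuned per environment.

```python
"""Classify authentication-failure sources as password spraying, brute force or benign.

Password spraying: a few common passwords tried against many accounts, so
each account sees few failures while the source touches many accounts.
Brute force: many failures concentrated on one account from one source.
Grouping failures by source address and counting distinct accounts within
a time window tells the two apart.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (sshd syslog style); hosts, users and addresses are invented.
SAMPLE_LOG = """\
Jan 13 03:20:01 mail sshd[1201]: Failed password for alice from 203.0.113.7 port 51234 ssh2
Jan 13 03:20:03 mail sshd[1202]: Failed password for bob from 203.0.113.7 port 51235 ssh2
Jan 13 03:20:05 mail sshd[1203]: Failed password for carol from 203.0.113.7 port 51236 ssh2
Jan 13 03:20:07 mail sshd[1204]: Failed password for invalid user dave from 203.0.113.7 port 51237 ssh2
Jan 13 03:20:09 mail sshd[1205]: Failed password for erin from 203.0.113.7 port 51238 ssh2
Jan 13 03:20:11 mail sshd[1206]: Failed password for frank from 203.0.113.7 port 51239 ssh2
Jan 13 03:21:00 mail sshd[1210]: Failed password for root from 198.51.100.9 port 40001 ssh2
Jan 13 03:21:02 mail sshd[1211]: Failed password for root from 198.51.100.9 port 40002 ssh2
Jan 13 03:21:04 mail sshd[1212]: Failed password for root from 198.51.100.9 port 40003 ssh2
Jan 13 03:21:06 mail sshd[1213]: Failed password for root from 198.51.100.9 port 40004 ssh2
Jan 13 03:21:08 mail sshd[1214]: Failed password for root from 198.51.100.9 port 40005 ssh2
Jan 13 03:21:10 mail sshd[1215]: Failed password for root from 198.51.100.9 port 40006 ssh2
Jan 13 03:21:12 mail sshd[1216]: Failed password for root from 198.51.100.9 port 40007 ssh2
Jan 13 03:21:14 mail sshd[1217]: Failed password for root from 198.51.100.9 port 40008 ssh2
Jan 13 03:25:30 mail sshd[1220]: Failed password for alice from 192.0.2.5 port 60000 ssh2
Jan 13 03:25:40 mail sshd[1221]: Accepted password for alice from 192.0.2.5 port 60000 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s\S+\ssshd\[\d+\]:\s"
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_line(line, year=2020):
    """Parse one sshd auth line; return a dict or None for lines that don't match.

    Syslog timestamps carry no year, so the caller supplies one (assumed 2020
    here to match the constructed sample).
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}


def classify_sources(lines, window=timedelta(minutes=10),
                     min_accounts=5, brute_threshold=6):
    """Return {src: summary} where summary['verdict'] is
    'password_spraying', 'brute_force' or 'benign'.

    Thresholds are assumptions for illustration; tune them per environment.
    """
    failures = defaultdict(list)  # src -> [(timestamp, user), ...]
    for line in lines:
        ev = parse_line(line)
        if ev and ev["result"] == "Failed":
            failures[ev["src"]].append((ev["ts"], ev["user"]))

    verdicts = {}
    for src, events in failures.items():
        events.sort()
        # Sliding window: for each failure as window start, count distinct
        # accounts hit within `window`; keep the maximum seen.
        max_accounts = 0
        for i, (start, _) in enumerate(events):
            users = {u for t, u in events[i:] if t - start <= window}
            max_accounts = max(max_accounts, len(users))
        # Per-account failure counts distinguish brute force from spraying.
        per_user = defaultdict(int)
        for _, u in events:
            per_user[u] += 1
        max_per_user = max(per_user.values())

        if max_accounts >= min_accounts:
            verdict = "password_spraying"
        elif max_per_user >= brute_threshold:
            verdict = "brute_force"
        else:
            verdict = "benign"
        verdicts[src] = {
            "verdict": verdict,
            "failures": len(events),
            "distinct_accounts_in_window": max_accounts,
            "max_failures_one_account": max_per_user,
        }
    return verdicts


if __name__ == "__main__":
    for src, info in classify_sources(SAMPLE_LOG.splitlines()).items():
        print(src, info)
```

Per-account lockout thresholds do not catch the spraying source here, since each account sees a single failure; the signal only appears once failures are grouped by source across accounts, which is why this kind of correlation belongs in the log pipeline rather than in the per-account policy of the authentication service.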

A related group that Dragos calls Parisite has worked in apparent cooperation with Magnallium, the security firm says, attempting to gain access to US electric utilities and oil and gas firms by exploiting vulnerabilities in virtual private networking software. The two groups' combined intrusion campaign ran through all of 2019 and continues today.

Dragos declined to comment on whether any of those activities resulted in actual breaches. The report makes clear, though, that despite the IT system probes they saw no sign that the Iranian hackers could access the far more specialized software that controls physical equipment in electric grid operators or oil and gas facilities. In electric utilities in particular, digitally inducing a blackout would require far more sophistication than the techniques Dragos describes in its report.

But given the threat of Iranian counterattacks, infrastructure owners should nonetheless be aware of the campaign, argues Dragos founder and former NSA critical infrastructure threat intelligence analyst Rob Lee. And they should consider not just new attempts to breach their networks but also the possibility that those systems have already been compromised. "My concern with the Iran situation is not that we're going to see some new big operation spin up," Lee says. "My concern is with access that groups might already have."


Original Submission

  • (Score: 2) by deimios on Monday January 13 2020, @03:20PM (2 children)

    by deimios (201) Subscriber Badge on Monday January 13 2020, @03:20PM (#942746) Journal

    I recently had to block the range 46.38.144.0 because it was attempting to guess the IMAP password. This is a Romanian mail server. So I guess it's all NATO countries.

  • (Score: 1, Funny) by Anonymous Coward on Monday January 13 2020, @03:30PM (1 child)

    by Anonymous Coward on Monday January 13 2020, @03:30PM (#942750)

    I got an email from MMORPG Tibia that someone tried to access my game even though I haven't played it for almost 10 years. I changed my password and played it for a few minutes. Still at lvl 300.

    • (Score: 1) by khallow on Monday January 13 2020, @07:22PM

      by khallow (3766) Subscriber Badge on Monday January 13 2020, @07:22PM (#942832) Journal
      At least this part of our defense infrastructure is secure!