
Iranian hackers could target US electrical utilities

Written by Mon 13 Jan 2020

Rising fears of cyber retaliation following assassination of Qasem Soleimani  

A hacking group with links to Iran has been attempting to compromise thousands of accounts belonging to US electric utilities and oil and gas firms, amid rising fears that the Iranian Republic is planning a cyber retaliation in the wake of the assassination of Major General Qasem Soleimani.

On Thursday, industrial control system security firm Dragos detailed new hacking activity, which the company attributed to a group of state-sponsored hackers it calls Magnallium and which has previously been linked to the Iranian regime. The same group is also known as APT33, Refined Kitten or Elfin.

The group has been observed carrying out sustained password-spraying attacks on US electric utilities as well as oil and gas firms. A password-spraying attack guesses common passwords for hundreds or thousands of accounts.

A related group, Parisite, has worked with Magnallium to target the US grid by exploiting vulnerabilities in virtual private networking software. Both campaigns commenced in 2019 and continue today, and it’s unclear if they resulted in any breaches.

Dragos said the hackers would need to conduct a far more sophisticated campaign in order to execute a serious infrastructure attack like a digitally-induced blackout. The company found no evidence that the hackers could access the software that controls US grid operational technology. Nevertheless, Dragos founder Rob Lee warned infrastructure owners they should consider the possibility that their systems have already been compromised.

Iranian hackers have allegedly breached US utility firms before, and China and Russia have been accused of similar attacks.

The US is no stranger to critical infrastructure campaigns and is widely understood to be the culprit behind the Stuxnet malware that took down portions of Iran’s nuclear program before replicating itself and blighting thousands of systems around the world.

  • Via: Ars Technica
