In the wake of the US assassination of Iranian general Qassem Soleimani and the 
retaliatory missile strike that followed, Iran-watchers have warned that the 
country could deploy cyberattacks as well, perhaps even targeting US critical 
infrastructure like the electric grid. A new report adds some fresh details 
about the nature of that threat: by all appearances, Iranian hackers don't currently 
have the capability to start causing blackouts in the US. But they’ve been 
working to gain access to American electric utilities, long before tensions 
between the two countries came to a head.

On Thursday morning, industrial control system security firm Dragos detailed 
newly revealed hacking activity that it has tracked and attributed to a group 
of state-sponsored hackers it calls Magnallium. The same group is also known as 
APT33, Refined Kitten, or Elfin and has previously been linked to Iran. Dragos 
says it has observed Magnallium carrying out a broad campaign of so-called 
password-spraying attacks, which guess a set of common passwords for hundreds 
or even thousands of different accounts, targeting US electric utilities as 
well as oil and gas firms.
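
The password-spraying pattern described above (a few common passwords tried against many accounts) can be told apart in authentication logs from single-account brute forcing. The following is an added example, not part of the original article or of Dragos's report; the log format, addresses, account names, and thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

USERS = ["alice", "bob", "carol", "dave", "erin", "frank"]
# Constructed sample auth log: "timestamp source account result".
SAMPLE_LOG = "\n".join(
    # Spray: one source, one failed guess per account, seconds apart.
    [f"2020-01-09T08:00:{i:02d} 198.51.100.7 {u} FAIL" for i, u in enumerate(USERS)]
    # The spray source then logs in to one account: the event to triage first.
    + ["2020-01-09T08:01:00 198.51.100.7 frank OK"]
    # Brute force: one source hammering a single account.
    + [f"2020-01-09T08:05:{i:02d} 203.0.113.9 alice FAIL" for i in range(10)]
    # Ordinary typo followed by a successful login.
    + ["2020-01-09T08:10:00 192.0.2.4 bob FAIL", "2020-01-09T08:10:09 192.0.2.4 bob OK"]
)

def detect_spray(log, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    """Return {source: {"targets": [...], "successes": [...]}} for spray-like sources."""
    failures, successes = defaultdict(list), defaultdict(set)
    for line in log.strip().splitlines():
        ts, src, user, result = line.split()
        if result == "FAIL":
            failures[src].append((datetime.fromisoformat(ts), user))
        else:
            successes[src].add(user)
    targets = defaultdict(set)
    for src, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it spans at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            counts = defaultdict(int)
            for _, user in events[start:end + 1]:
                counts[user] += 1
            # Spray shape: many distinct accounts, few guesses at each.
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                targets[src].update(counts)
    return {src: {"targets": sorted(users), "successes": sorted(successes[src])}
            for src, users in targets.items()}

if __name__ == "__main__":
    for src, hit in detect_spray(SAMPLE_LOG).items():
        print(src, "sprayed", len(hit["targets"]), "accounts; logged in as", hit["successes"])
```

Grouping by source address misses a spray spread across many addresses; grouping the same failures by time window alone, or by client fingerprint where the log records one, covers that case.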

A related group that Dragos calls Parisite has worked in apparent cooperation 
with Magnallium, the security firm says, attempting to gain access to US 
electric utilities and oil and gas firms by exploiting vulnerabilities in 
virtual private networking software. The two groups' combined intrusion 
campaign ran through all of 2019 and continues today.

