Iran hackers targeting airlines - report

WASHINGTON — Hackers working for Iran have targeted at least 50 companies and government organizations, including commercial airlines, looking for vulnerabilities that could be used in physical attacks, cyber-security firm Cylance Inc. said.

Smoke billows from Jinnah International Airport in Karachi in this June 9 file photo. Taliban militants attacked Jinnah International Airport in Karachi, sparking a five-hour gun battle that killed at least 34 people. Cyber-security firm Cylance said in a report this week that Iranian hackers stole some information that was related to a gate where the attack began. (Reuters photo)

The hackers infiltrated the computer systems of carriers and their contractors in Pakistan, the United Arab Emirates and South Korea, the Irvine, California-based firm said in a Tuesday report outlining the results of a two-year investigation. They broke into the computers of suppliers responsible for aircraft maintenance, cargo loading and refueling, according to the report and Cylance analysts, and stole credentials that could be used to impersonate workers.

In the US, computers belonging to chemical and energy companies, defence contractors, universities and transportation providers were hacked in what Cylance dubbed Operation Cleaver. The report said the Iranian group is the same one that breached the US Navy's unclassified computer system in September 2013.

The capabilities of Iranian cyberspies have advanced to the point that the country is quickly becoming a top-tier cyber power, according to the report. While the group Cylance followed appears to have been focused on intelligence gathering, the choice of targets raises security fears, the report said.

"If the operation is left to continue unabated, it is only a matter of time before they impact the world's physical safety," the report said.

Cylance said it provided the information it collected to the US Federal Bureau of Investigation. The FBI is already looking into Iranian hacking, including the Navy breach, according to two people familiar with that probe.

Cylance CEO Stuart McClure listens during the third day of Reuters CyberSecurity Summit in Washington, in this May 14, 2014 file photo. Iranian hackers have infiltrated major airlines, energy companies and defence firms around the globe over the past two years in a campaign that could eventually cause physical damage, according to US cyber-security firm Cylance. (Reuters photo)

Hamid Babaei, the spokesman for the Iranian mission to the United Nations in New York, denounced the report. "This is a baseless and unfounded allegation fabricated to tarnish the Iranian government image particularly aimed at hampering current nuclear talks," Mr Babaei said in an e-mail.

Four targets

While Cylance didn't identify the targets, a person familiar with the law-enforcement investigation said they include Pakistan International Airlines; Korean Air; Petroleos Mexicanos, the world's ninth-largest oil producer; and Calpine Corp., a power company with generation facilities in California, Texas and the mid-Atlantic.

Muhammad Haneef Rana, a spokesman for Pakistan International Airlines, said he wasn't aware of any threat from hackers. "We are well secured and our firewall is in place," he said.

Korean Air and Pemex declined to comment, and Calpine didn't immediately respond to a request for comment. Joshua S. Campbell, a spokesman for the FBI, declined to comment on the report or its conclusions.

Bypassing airport security

There may be reason for concern given the information the hackers sought to take, said Cylance's founder and CEO, former McAfee Chief Technology Officer Stuart McClure. The report said they stole passport photos, employee credentials and data that could be used to impersonate workers and bypass airport security checkpoints.

They also accessed details about computer systems at major Middle Eastern airports, including Pakistan's Jinnah International Airport in Karachi, Mr McClure said. Armed Taliban militants disguised as security staff workers stormed the airport in June, killing more than 30 people.

The report doesn't link that to the hack but Mr McClure said some information stolen was related to a gate where the attack began.

The report paints a picture of a persistent, aggressive operation aimed at undermining vital components of nations' transportation systems, and highlights the growing danger that state-sponsored hacking poses to civilian infrastructure.

"If you've gone from financial to oil and gas and you're switching to avionics, you're talking about the whole of critical infrastructure," said Joe DeTrani, former senior adviser to the US Director of National Intelligence and president of the Intelligence and National Security Alliance. "If one is looking at the battlespace, certainly the air, avionics and airports and related facilities would be part of the equation."
