
State-sponsored Iranian hackers pose grave security threat: Cylance report


Iranian hackers have managed to penetrate and steal information from governments and companies around the world since 2012, posing a grave security threat, researchers say in a new report.

The report by the security firm Cylance released on Tuesday said the hackers had "extracted highly sensitive materials" from government agencies and major critical infrastructure companies in China, the United States, Britain, Canada, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey and the United Arab Emirates.

Cylance researchers called the effort "Operation Cleaver" and said it has "conducted a significant global surveillance and infiltration campaign".

The group was believed to work from Tehran, with help from others located in the Netherlands, Canada and Britain, the report said.

Targets included government networks as well as companies involved in military, oil and gas, energy and utilities, transportation, airlines, airports, hospitals, telecommunications, technology, education and aerospace.

"During intense intelligence gathering over the last 24 months, we observed the technical capabilities of the Operation Cleaver team rapidly evolve faster than any previously observed Iranian effort," the report said.


"As Iran's cyberwarfare capabilities continue to morph, the probability of an attack that could impact the physical world at a national or global level is rapidly increasing. Their capabilities have advanced beyond simple website defacements."

The report said Iran appeared to have ramped up its cyberwarfare capabilities after being hit by attacks including the Stuxnet worm, widely believed to be led by the United States or Israel, and which targeted its nuclear energy programme.

"Retaliation for Stuxnet began almost immediately in 2011," Cylance researchers said.

Cylance said it had likely uncovered just "a fraction of Operation Cleaver's full scope" and added that "if the operation is left to continue unabated, it is only a matter of time before the world's physical safety is impacted by it".


Cylance said the effort was a "state-sponsored campaign" with the potential to affect airline safety and industrial systems.

It added the hackers may be looking at collaborating with counterparts in North Korea to attack companies in South Korea.

This article appeared in the South China Morning Post print edition as: State-sponsored Iranian hackers pose grave security threat: report