For the past two years, a team of Iranian hackers has compromised computers and networks belonging to over 50 organizations in 16 countries, including airlines, defense contractors, universities, military installations, hospitals, airports, telecommunications firms, government agencies, and energy and gas companies. The attacks have collectively been dubbed Operation Cleaver after a string found in various malware tools used by the hacker group.
A report released today by the security firm Cylance sheds new light on Iran’s military hacking program, suggesting the country’s capabilities may be far beyond what many expect. Over the past two years, a group tracked by Cylance has attacked more than 50 targets across 16 countries, including the US, South Korea, Israel, and Pakistan, in what researchers have dubbed “Project Cleaver.” The group has paid particular attention to airlines, manufacturers, and defense contractors. In some cases, the group gained access to security control systems at airport gates, potentially allowing for forged gate credentials that would circumvent airport security. They also gained access to PayPal credentials and industrial control systems from other targets.