There’s still some debate over the scale of Iran’s reported Operation Cleaver hacking campaign, but the FBI is clearly taking it seriously. According to Reuters’ copy of a confidential report, the federal law enforcement agency is warning businesses of advanced Iranian hacks targeting American defense, education and energy firms. The alert stops short of accusing Iran of a cyberwarfare campaign, but notes that the attacks usually come from two connections within the country. There isn’t exactly a huge list of suspects here.
The Federal Bureau of Investigation has warned U.S. businesses to be on the alert for a sophisticated Iranian hacking operation whose targets include defense contractors, energy firms and educational institutions, according to a confidential agency document.

The operation is the same as one flagged last week by cyber security firm Cylance Inc as targeting critical infrastructure organizations worldwide, cyber security experts said. Cylance has said it uncovered more than 50 victims from what it dubbed Operation Cleaver, in 16 countries, including the United States.

The FBI’s confidential “Flash” report, seen by Reuters on Friday, provides technical details about malicious software and techniques used in the attacks, along with advice on thwarting the hackers. It asked businesses to contact the FBI if they believed they were victims.

Cylance Chief Executive Stuart McClure said the FBI warning suggested that the Iranian hacking campaign may have been larger than its own research revealed. “It underscores Iran’s determination and fixation on large-scale compromise of critical infrastructure,” he said.

The FBI’s technical document said the hackers typically launch their attacks from two IP addresses that are in Iran, but did not attribute the attacks to the Tehran government. Cylance has said it believes Iran’s government is behind the campaign, a claim Iran has vehemently denied.