Iranian Hackers Target UK Organizations in Ongoing Attack

State-sponsored Iranian hackers have been blamed for a newly disclosed cyber-attack campaign against UK government and private sector targets last December.

The ongoing campaign has already compromised the personal details of thousands of employees, including those working in banks, local government and the Post Office.

The latter two were hit in a raid on December 23, according to Sky News.

The National Cyber Security Centre (NCSC) told the broadcaster it is “aware of a cyber-incident affecting some UK organizations in late 2018” and that it is “working with victims and advising on mitigation measures.”

The email address and mobile phone number of Post Office chief Paula Vennells are said to be among the compromised personal details.

It’s unclear what the end goal is, although the data collection exercise could be followed by a spear-phishing-led campaign to steal more sensitive information from government and private sector networks.

The Iranian Revolutionary Guard-linked group behind the campaign is apparently the same one blamed for the 2017 brute force attack on parliamentary accounts. In that raid, around 1% of the 9-10,000 accounts targeted were successfully compromised, with some individuals also being subjected to vishing attempts to trick them into divulging log-ins.

MPs were also targeted by a phishing campaign in February after a Tory lawmaker’s email account was compromised and dozens of his colleagues were added to a WhatsApp group by the hacker.

David Atkinson, CEO of Senseon and former government “cyber operative,” argued the news demonstrates how nation state attacks can affect a wide sweep of organizations.

“This attack also shows that we need to change awareness of what constitutes critical infrastructure. Again, we are not just talking about the energy sector, communications, and industrial organizations,” he added.

“Threat actors will also target the economy and if a large-scale attack is launched against the UK’s banks, you can bet the situation will quickly become critical. The government has a responsibility to ensure a good standard of security and defense across all major organizations to safeguard the UK.”

Darren Anstee, CTO at NETSCOUT, argued that Iranian groups are increasingly combining custom-made tools with commodity crimeware to extend their reach and impact.

“Political disruption provides a fertile ground for cyber-attacks against government, non-government and international organizations, meaning it’s hardly surprising malicious actors in Iran have mounted an attack against the UK,” he added.

“As a result, it is critical that governments and organisations make themselves aware of these new methods to disrupt and interfere with domestic and international affairs. It is also essential that governments and businesses collaborate closely to neutralize threats and prevent attacks on national institutions.”