Iranian Hackers Targeting Physical Attacks
There is a new group of Iranian hackers that seems to be getting ready to launch physical attacks. The group, which goes by several names including Elfin, Refined Kitten, and APT33, has recently been coordinating attacks to steal login credentials from people, but it now apparently has its sights set on bigger targets.
Why the Iranian Hackers are a Major Threat
The group is apparently now targeting manufacturers of the industrial control systems that serve as part of the critical infrastructure for power grids. According to Microsoft, the group appears to be laying the groundwork for a series of large-scale cyber-attacks.
So far, no direct evidence has presented itself, but Microsoft’s threat intelligence group has seen anecdotal evidence that something is on the horizon. Specifically, evidence suggests that the group may have been involved in the recent gas pipeline attack on Saudi Arabia’s oil facilities.
The main reason that attacks on industrial control systems represent low-hanging fruit for the hackers is that these systems are old and pieced together to integrate with the internet – something they were not originally designed to do. And once these systems are compromised, the malicious players can deploy a wide variety of attacks, up to and including taking down an entire power grid.
To help protect these systems, in July 2019 the federal government announced a plan to require the utilization of “retro” technologies (i.e., not online) as part of the Securing Energy Infrastructure Act (SEIA). This would make an attack more difficult because the attackers would need to physically access the equipment as opposed to gaining backdoor access via the internet.
Despite these mitigating steps, this remains a huge threat. The Iranian hackers are very advanced, having been tutored by Russian and Chinese hackers, and the country has made cyber warfare a key element of its plans to advance its political goals. Time will tell if the Iranian hackers will be able to gain any kind of a foothold, but grid operators would be well-advised to be on high alert over the possibility.