FRESH AIR

Hezbollah cyberattack on Australian company is part of a growing cyber-threat emanating from Iran

Feb 17, 2021 | Oved Lobel

Cyber

On February 9, the Sydney Morning Herald reported that a Hezbollah-linked hacking group dubbed Volatile Cedar had targeted servers run by the Australian-based technology giant Atlassian, as well as those from US-based Oracle, across the globe with remote access trojans (RATs). The potential security and criminal implications of the hack are significant, as Hezbollah was able to vacuum up a lot of personal data, including client call records. Troy Hunt, an independent security researcher cited in the report, asks, “If it’s a state-backed hack, are there critical infrastructure services using these products for power plants, sewage treatment, airports? Is it partly corporate espionage, people looking for trade secrets, information to gain a competitive advantage?” 

Hezbollah is the Lebanese proxy of Iran’s Islamic Revolutionary Guard Corps (IRGC), making this, in essence, a state-backed hack. While Hezbollah receives significant funding from Iran, it also runs a global criminal enterprise spanning the range of criminal activities, including, it now appears, cybercrime. This provides a lucrative funding stream, especially useful now that Iran is under crushing sanctions.  

Whether the information gleaned by Volatile Cedar is used for espionage or profit, it should be considered part of Iran’s international operations. Another IRGC client, the Palestinian terrorist group Hamas, also allegedly provides Iran with the data it hoovers up using facilities in Turkey in exchange for financial support. AIJAC has documented some of the cyber-capabilities of Hamas, Hezbollah and other Iranian proxies and how such activities fit into Iran’s broader strategy.

The IRGC itself has targeted Australia multiple times, including the shipbuilder Austal as well as dozens of Australian universities and research institutions, part of a global campaign to steal data and secret research worth billions of dollars.

And the IRGC’s malicious cyberactivity is only getting worse. One Iranian hacking group, dubbed Infy or Prince of Persia, which primarily targeted Iranian dissidents abroad, was thought to have become defunct in 2017 after about ten years of activity. However, cybersecurity firms Check Point and SafeBreach Labs say they’re now back and better than ever: “following a long downtime, the Iranian cyber attackers were able to regroup, fix previous issues and dramatically reinforce their OPSEC activities as well as the technical proficiency and tooling capabilities.”  

Check Point says Infy has managed to capture “over 1.5 gigabytes of personal information, documents, audio and video recordings” in 2020. While Israel was targeted by Infy in its original incarnation, the current campaign is apparently solely focussed on Iranians.  

A separate group, Domestic Kitten (APT-50), is also charged with the surveillance of Iranian dissidents inside and outside Iran and, like Infy, tricks users into installing spyware onto their phones and computers by disguising it as something else. Check Point says there were over 600 successful infections. One of its researchers, Yaniv Balmas, explained that these groups were disturbingly resilient. “It is clear that the Iranian government is investing significant resources into cyber-operations. The operators of these Iranian cyber-espionage campaigns seem to be completely unaffected by any counter-activities done by others, even though both campaigns had been revealed and even stopped in the past. They have simply restarted.”

Iran’s disinformation operations in the US are also continuing. After masquerading as the far-right group The Proud Boys, and sending threatening emails warning everyone to vote for Donald Trump prior to the election, Iran is now said to be behind a website called Enemies of the People. According to the FBI, Iran is using the site, which mimics the activities and statements of the most violent and radical Trump supporters, to “create fear, divisions, and mistrust in the United States and undermine public confidence in the US electoral process.” This includes revealing the personal information – doxing – of US officials.  

Meanwhile, a recent cyberattack against a water treatment facility in a small town in Florida aiming to poison the water supply bears a strong similarity to an IRGC cyberattack against Israeli water treatment facilities last year. While there is still no clarity concerning who conducted the cyberattack against the Florida plant, Israel has offered to aid the US investigation, with Israel’s National Cyber Directorate telling Fox News that it had “contacted its U.S. equivalents about the case.” The President and CEO of the Cyber Threat Alliance, Michael Daniel, recently testified regarding the hack that “Iran has shown itself very interested in water systems in other countries like Israel and even in the United States.” 

Needless to say, this attack underlined how much more than information is at risk from Iran-linked cyberactivity. The Florida cyberattack attempted to flood the water supply with toxic sodium hydroxide – used in small quantities in water treatment to control water acidity and to help remove heavy metals – and could potentially have made thousands ill had it not been quickly caught by a controller.

Iranian cyber-operations are likely to get a boost from the recently signed deal on cooperation in cyberspace between Iran and Russia, the terms of which are very expansive and likely mark an escalation in the cybersphere. Already in April 2020, the US State Department warned of convergence between Iran, Russia and China in spreading disinformation regarding COVID-19, and as AIJAC previously covered, some intelligence officials suggest there’s ‘a countervailing alliance in cyberspace made up of Russia, China and Iran to oppose the “Five Eyes” – the intelligence alliance of the US, UK, Canada, Australia and New Zealand.’ 

Regardless of the depth of cooperation with China and Russia, Iran’s capabilities in cyberspace are clearly improving, and that will likely mean more credible disinformation operations, more sophisticated cyberattacks and improved espionage capacity, in Australia and elsewhere.  
