FBI: Iran Hackers May Target U.S. Energy, Defense Firms

The Federal Bureau of Investigation has warned U.S. businesses to be on the alert for a sophisticated Iranian hacking operation whose targets include defense contractors, energy firms and educational institutions, according to a confidential agency document.

The operation is the same as one flagged last week by cyber security firm Cylance Inc as targeting critical infrastructure organizations worldwide, cyber security experts said. Cylance has said it uncovered more than 50 victims from what it dubbed Operation Cleaver, in 16 countries, including the United States.

The FBI’s confidential “Flash” report, seen by Reuters on Friday, provides technical details about malicious software and techniques used in the attacks, along with advice on thwarting the hackers. It asked businesses to contact the FBI if they believed they were victims.

Cylance Chief Executive Stuart McClure said the FBI warning suggested that the Iranian hacking campaign may have been larger than its own research revealed. “It underscores Iran’s determination and fixation on large-scale compromise of critical infrastructure,” he said.

The FBI’s technical document said the hackers typically launch their attacks from two IP addresses that are in Iran, but did not attribute the attacks to the Tehran government. Cylance has said it believes Iran’s government is behind the campaign, a claim Iran has vehemently denied.

An FBI official did not provide further details, but said the agency routinely provides private industry with advisories to help it fend off cyber threats.

The Pentagon and National Security Agency had no immediate comment.

Tehran has been substantially increasing investment in its cyber capabilities since 2010, when its nuclear program was hit by the Stuxnet computer virus, widely believed to have been launched by the United States and Israel.

Cyber security professionals who investigate cyber attacks said that they are seeing evidence that Iran’s investment is paying off.

“They are good and have a lot of talent in the country,” said Dave Kennedy, CEO of TrustedSEC LLC. “They are definitely a serious threat, no question.”

Iranian hackers are increasingly being blamed for sophisticated cyberattacks.

Bloomberg Businessweek on Thursday reported that Iranian hacker activists were responsible for a devastating February 2014 attack on casino operator Las Vegas Sands Corp, which crippled thousands of servers by wiping them with destructive malware. It said the hackers sought to punish Sands CEO Sheldon Adelson for comments he made about detonating a nuclear bomb in Iran.

(Reporting by Jim Finkle. Additional reporting by Mark Hosenball and Andrea Shalal in Washington; Editing by Christian Plumb)

This article originally appeared on Recode.net.