[December 02, 2014]
Cylance's 'Operation Cleaver' Report Exposes Coordinated Cyber Attacks on Global Critical Infrastructure by Iran-Based Hackers
Cylance, the first math-based advanced threat detection and prevention
cybersecurity company, today released a report detailing coordinated
attacks by hackers based in Iran on more than 50 targets in 16 countries
around the globe. Victim organizations were found in a variety of
critical industries, with most attacks on airlines and airports, energy,
oil and gas, telecommunications companies, government agencies and
The report - titled "Operation Cleaver" because the Cleaver name was
included several times in the custom software used in the cyber hacks -
covers more than two years of attacks by individual contractors and a
hacking team fronting as a construction engineering company based in
Tehran. Using custom and publicly available tools and methods including
SQL injection, spear phishing, watering hole attacks and direct
compromise of public-facing websites, the attackers were able to
extract highly sensitive and confidential materials and to establish
persistent access to victim networks, to the point of controlling
networks of victims in 16 countries. Cylance found
significant victims in Canada, China, England, France, Germany, India,
Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea,
Turkey, United Arab Emirates and the United States.
"We discovered the scope and damage of these operations during
investigations of what we thought were separate cases," said Stuart
McClure, CEO of Cylance. "Due to the choice of critical infrastructure
victims and the Iranian team's quickly improving skillset, we are
compelled to publish this report. By exposing our intelligence on
Cleaver, we hope the information we share can reveal the techniques and
tools of this group, drawing global attention to attacks on critical
infrastructure and preventing attacks which could endanger human lives."
The attackers extracted large amounts of data, including swaths of
sensitive employee information and schedule details; identification
photos; information about airport and airline security; and PDFs of
network, housing, telecom, and electricity diagrams suggesting the
attacks may have other motives than financial or intellectual property.
The targets belong to one of five groups:
Oil and Gas/Energy/Chemical - Targets discovered include a
company specializing in natural gas production, electric utilities
organizations, as well as a variety of oil and gas providers. This group
was a particular focus of the hackers.
Government/Defense - Targets discovered include a large defense
contractor and major U.S. military installation. Cylance can confirm one
of those targets was San Diego's Navy Marine Corps Intranet, where
unclassified computers were hacked.
Airports/Transportation - Targets discovered include airports,
airlines, automobile manufacturers, as well as transportation networks.
The most concerning evidence collected was the targeting and compromise
of transportation networks and systems such as airlines and airports in
South Korea, Saudi Arabia and Pakistan.
Telecommunications/Technology - Targets discovered include
telecom and technology companies in several countries.
Education/Healthcare - Targets discovered include multiple
colleges and universities, often with an emphasis on medical schools.
Large amounts of data on foreign students have been taken, including
images of passports and social security cards.
Cylance discovered these coordinated attacks when it was contracted to
investigate multiple security breaches across a variety of
organizations. Through its fundamentally new approach of applying math
and machine learning to cybersecurity, Cylance uncovered previously
undetected malware and attacks tied to the hacker team. Cylance is
committed to responsible disclosure, and has notified all known victims
discovered during its investigation, prior to the publishing of this
The full report with details on the sources and techniques can be
accessed at www.cylance.com.
Cylance is the first company to apply artificial intelligence,
algorithmic science and machine learning to cyber security and improve
the way companies, governments and end users proactively solve the
world's most difficult security problems. Using a breakthrough
mathematical process, Cylance quickly and accurately identifies what is
safe and what is a threat, not just what is in a blacklist or whitelist.
By coupling sophisticated math and machine learning with a unique
understanding of a hacker's mentality, Cylance provides the technology
and services to be truly predictive and preventive against advanced
threats. For more information, visit www.cylance.com.