Suspected Iran Regime-Linked Cyber Hijacking Campaign
By Amir Taghati
Last Friday, the Government Communications Headquarters (GCHQ), the intelligence and security organization responsible for providing information assurance to the government and armed forces of the United Kingdom, warned that it is investigating a “large-scale hijacking campaign that has reportedly affected government and commercial organizations worldwide.”
The alert was issued by the GCHQ’s National Cyber Security Centre (NCSC), which urged governments in the Middle East, Europe, and North America to protect their computer networks against a worldwide cyber-hijacking campaign suspected to be linked to the Iranian regime.
The attackers have captured sensitive data, such as emails, user traffic, and credentials of targeted agencies, in what initially appeared to be traditional espionage.
Britain has been especially vigilant after being hit by seven recent cyber attacks. One of the most damaging occurred in 2017, when almost a third of hospitals were crippled by malware suspected to be from North Korea, forcing the cancellation of 20,000 operations and appointments.
In a lecture to the Royal United Services Institute for Defense and Security Studies (RUSI), Air Marshal Phil Osborn, head of Britain’s defense intelligence, said that Britain must be prepared to launch cyber attacks on enemies or risk “falling behind” in modern warfare. Online offensives could have “nationally crippling effects in minutes.” He added, “We can see numerous examples: unprecedented industrial espionage activity against the UK and allies, private security contractors being used in high-end capability warfare in Syria, cyber attacks against national infrastructure and reputation across Europe, information operations that attempt to pervert political process and frustrate the rule of law, and attempted assassinations.”
While there is no evidence that any organization in the UK has been affected, the NCSC issued a technical alert regarding the methods the hackers use, and how to identify whether or not computer systems are compromised.
Along with the US Department of Homeland Security, which issued an emergency directive throughout the US on Tuesday, the NCSC is working with other intelligence agencies, including FireEye, a private agency that was among the first to discover the attack.
FireEye senior manager Ben Read told the Washington Post that if the Iranian regime was behind the campaign, it “would want to know what the foreign ministries in the Gulf are deciding.” He also cautioned that some 50 different organizations across at least 12 countries have been affected, “and that’s just what we’ve found so far.”
A spokesman for the NCSC said, “We are aware of a cyber incident affecting some Domain Name Systems (DNS) registrars and are working with our international and industry partners to understand its nature and extent, and the potential threat, if any, to the UK.”