S
ecurity Information Publicly Disseminated

Thursday, July 26, 2012

Soft War: Attack Of The Geeks


The cyber slap attack continues, Iran gets "Thunderstruck." Now that the Obama White House has spilled the beans on the U.S. clandestine cyber sniping program on Iran's nuclear program. It should be no surprise that the program continues to harass the scientists at Iran’s Natanz and Fordo nuclear enrichment facilities. The Iraian News agency FARS is reporting that their nuclear program  has been attacked recently by a virus they are calling “Duqu”. FARS reports that the “Duqu” malwere has both elements of the “Stuxnet” and “Flame” viruses that were unleashed on them previously. 


Iran's Minister of Communication and Information Technology Reza Taqipour who was the official speaking publicly disclosed that their geeks have “thwarted” the recent attack and an other official warned that America will have its “teeth knocked out” if the attacks continue.
"It seems there is a close relation to the Stuxnet and Duqu targeted attacks," the statement said, adding that the malware's "propagation methods, complexity level, precise targeting and superb functionality" were reminiscent of the Stuxnet and Duqu cyber threats to which Iran had also fallen victim. 
Stuxnet was designed to damage Iran's nuclear sites, specially Natanz uranium enrichment facility. Duqu, like Flame, was apparently built for espionage but shared characteristics with Stuxnet. 
The new worm has targeted the "automation network" at the Natanz and Fordo facilities and has shut them down. The Internet security site F-Secure Security Labs reported that a scientist from Iran's Atomic Energy Organization. Sent them an email stating that a virus has taken over the computer network and is blaring the song “Thunderstruck” by AC/DC.


F-Secure is a Finnish maker of security and cloud software and said that while it was unable to verify the details of the attack described, it had confirmed that the scientist who reported them was sending and receiving the e-mails from within Iran's Atomic Energy Organization.


Iran's nuclear program and oil facilities have been the target of repeated cyber attacks and apparently it is getting old in Tehran because they have issued ultimatums. Iran's Foreign Ministry said in May that these cyber attacks were launched by hostile governments as part of a broader "soft war" then in June the White House admitted to it!


Iran accuses the U.S. and Israel of trying to sabotage its technological progress with financial sanctions, oil and gas embargoes and cyber attacks. Both countries say Iran's nuclear activities may have military intent, an allegation that Iran denies. However Iran does admit to using their enrichment facilities to produce fuel rods for nuclear submarines and surface warships that they have yet to acquire or build.


The Iranian scientist reached out to F Secure with this email. 


Over the weekend, I received a series of emails from Iran. They were sent by a scientist working at the Atomic Energy Organization of Iran (AEOI). 
He wrote:
A translation of the email by F Secure
I am writing you to inform you that our nuclear program has once again been compromised and attacked by a new worm with exploits which have shut down our automation network at Natanz and another facility Fordo near Qom. According to the email our cyber experts sent to our teams, they believe a hacker tool Metasploit was used. The hackers had access to our VPN. The automation network and Siemens hardware were attacked and shut down. I only know very little about these cyber issues as I am scientist not a computer expert. 
There was also some music playing randomly on several of the workstations during the middle of the night with the volume maxed out. I believe it was playing 'Thunderstruck' by AC/DC.
Comment from F Secure
I'm not sure what to think about this. We can't confirm any of the details. However, we can confirm that the researcher was sending and receiving emails from within the AEOI.


Mikko


Comments in reference to the Iranian email post very interesting

No comments:

Post a Comment