A group claiming to be hackers from Iran defaced the website of a U.S. government agency and posted messages vowing revenge for the death of top military commander Qassem Suleimani.
According to a news report, the website of the Federal Depository Library Program was replaced on Saturday with a page titled “Iranian Hackers!” that displayed images of Iran’s supreme leader Ayatollah Ali Khamenei and the Iranian flag. “Martyrdom was (Suleimani’s)... reward for years of implacable efforts,” read the graphic, which depicted U.S. president Donald Trump.
“With his departure and with God’s power, his work and path will not cease and severe revenge awaits those criminals who have tainted their filthy hands with his blood and blood of the other martyrs,” it said. “This is only small part of Iran’s cyber ability!” read another caption.
Many cybersecurity experts have warned that Iranian hackers could breach other government websites. Hank Thomas, CEO at Strategic Cyber Ventures, says, “Iran will retaliate. There is no doubt about this. However, they will be looking for a way to appear both powerful and credible militarily at this pivotal point, without appearing to be a regional bully that traditionally relies on two-bit terrorist actions because they lack a robust advanced military response capability that could challenge the U.S. head on.”
“Showing off their offensive cyber capabilities, and the reach it provides them beyond the region, could very well be a part of their most likely course of action,” says Thomas. “A most dangerous course of action includes a combination of cyber and kinetic strikes both inside the region and beyond. This does not mean Iran will end the use of proxies, both in cyberspace and on the ground. Nevertheless, they will be looking to leave their calling card with the main thrust of this initial response to our military action yesterday.”
Similarly, Rick Holland, cybersecurity expert and CISO at Digital Shadows, contends that Iran’s offensive cyber capabilities have grown significantly since the 2012 days of banking sector denial of service attacks and Saudi Aramco/Shamoon destructive malware. “In 2019, both the U.S. and U.K. governments released multiple public alerts regarding Iranian cybersecurity threats. The cyberspace proxy war between the US and Iran isn’t new and will escalate as a result of Soleimani’s death,” he says.
“Iranian actors are known to use account takeover techniques, spear phishing, and destructive wiper malware (e.g., Shamoon),” says Holland. “The good news for defenders is security controls like multi-factor authentication can mitigate against account takeover attempts. Email security controls like ‘defanging’ email attachments by creating PDFs of them can mitigate malicious attachments in spear phishing emails. Up-to-date anti-malware protection can help reduce the risks of wiper malware. The benefit of these controls is that they protect against a multitude of threats, not just Iranian attackers.”