Iranian hackers penetrated computers of a small dam in NY

Iranian hackers penetrated the industrial control system of a dam near New York City in 2013, raising concerns about the security of US critical infrastructure.

It is official, Iranian hackers violated the online control system of a New York dam in 2013. According to reports, the hackers penetrated the control system of the dam and poked around inside the system.

The Wall Street Journal reported that the hackers penetrated the system of the critical infrastructure through a cellular modem. The Journal cited an unclassified Homeland Security summary of the case. At the time of writing, the Department of Homeland Security had declined to comment on the cyber attack.

The Wall Street Journal cited anonymous sources who revealed that the hackers targeted the Bowman Avenue Dam, a small facility 20 miles outside of New York.

“It’s very, very small,” Rye City Manager Marcus Serrano told the newspaper, confirming that FBI agents investigated the case in 2013.

Fortunately, the intruders were not able to gain complete control of the control systems. The hackers used a machine that scanned the Internet for vulnerable US industrial control systems (ICS), but the strange circumstance is that the threat actors appeared to be focusing on a specific range of internet addresses.

Once the attack was discovered, US cyber experts traced the intruders; the evidence collected suggests the involvement of Iranian hackers, probably the same groups that have focused their operations on American companies and organizations.

Exactly one year ago, the experts at security firm Cylance revealed that Iranian hackers were targeting airlines, energy and defense companies worldwide as part of the Operation Cleaver campaign.

The fact that foreign hackers target US critical infrastructure is not new: a report issued by the Department of Homeland Security (DHS) in November 2014 revealed that Russian hackers had infiltrated several critical infrastructure systems in the United States.

The US has the highest number of ICS and SCADA systems exposed on the internet, and many of them are easily identifiable with search engines like Shodan or Censys. Researchers at Shodan recently revealed that the US has nearly 57,000 industrial control systems connected to the Internet.

A recent wave of attacks conducted by Iranian hackers came after a period of apparent calm. Cyber security experts noticed an evolution in the TTPs of the Iranian hackers: they were initially focused on targets in the financial industry, and their activities were limited to sabotage and disruption of the targeted infrastructures, as in the attack on the casino company Las Vegas Sands Corp.

The recent attacks against the State Department, by contrast, are clearly a cyber espionage operation; they were initially attributed to Chinese hackers who may have infiltrated the department's unclassified e-mail systems. It is worth recalling that security experts at Facebook were the first to notice the intrusion of Iranian hackers into the e-mail accounts of US State Department officials focused on Iran.

It is hardly necessary to emphasize the importance of threat intelligence activities in preventing such incidents and mitigating cyber threats.

Pierluigi Paganini

(Security Affairs –Iranian hackers, critical infrastructure)

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and the Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years of experience in the field and a Certified Ethical Hacker at EC Council in London. His passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for the US. Pierluigi is a member of "The Hacker News" team and writes for major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines. He is the author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".
