Iran-Sponsored Hackers Might Be Probing U.S. Electric Sector

If the latest reports are to be believed, Iran-backed hackers are probing U.S. critical infrastructure by using password-spraying attacks, looking for weakness and human laziness.

It”s no surprise that, following the conflict between the United States and Iran so far this year, hacking activities are on the rise. It”s impossible to say with certainty that the threats originate from Iran but the modus operandi is similar to patterns of the last decade.

A password-spraying attack is a known method to find weak passwords, which is basically guesswork. Research shows that, year after year, people tend to choose simple passwords or to use the same passwords on multiple services. Hackers know there”s also the possibility of finding at least one such case.

A report from industrial security company Dragos shows that a group called MAGNALLIUM (also known under the APT33 name, Refined Kitten and Elfin.) is targeting industrial control systems (ICS),

“In the fall of 2019, following increasing tensions in the Middle East, Dragos identified MAGNALLIUM expanding its targeting to include electric utilities in the U.S. MAGNALLIUM appears to still lack an ICS-specific capability, and the group remains focused on initial I.T. intrusions,” reads the report.

The use of a password-spraying attack means they may not have a way in, at least not at the moment. On the other hand, it would also be a way to create a lot of noise to cover their tracks.

Finally, the real problem is not the current wave of attacks observed by cybersecurity companies, but the fact that some of the APTs (advanced persistent threats) already have access and are waiting for the right time to strike.

A few days ago, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), under the direction of Homeland Security, warned both the government and private sectors to watch out for possible attacks from state-sponsored entities, especially those emanating from Iran.