Hackers in Iran behind Parliament House security breach, says US cyber research company
Hackers based in Iran were responsible for the breach of parliament and our political parties, a US cyber research company says.
Hackers based in Iran and implicated in attacks on the US and Western allies were behind a computer breach of Australia’s parliament and political parties, a US cyber research company has alleged.
The attacks were part of a global espionage campaign that cybersecurity companies say began last year and that has mostly targeted the Five Eyes intelligence alliance comprising the US, Canada, the UK, Australia and New Zealand. They think the attacks were retaliation for President Donald Trump’s decision to withdraw from a nuclear agreement with Iran.
The focus and pattern of the attack are compatible with the activity of an Iranian state actor connected to the Mabna Institute, said Charles Yoo, president of cybersecurity company Resecurity. The Mabna Institute is a technology company linked to the Iranian Revolutionary Guard.
The Federal Bureau of Investigation has blamed Mabna members, nine of whom were indicted in the US last year, for a hacking campaign that compromised universities, private companies, and government entities in the US and UK.
“After that, that group has been reshaped and now includes members from Syria and Palestine, working as ‘mercenaries,’” Mr Yoo said.
The global campaign has also been identified by National Security Agency analysts and FireEye, another cybersecurity company.
Australia’s government hasn’t assigned blame for the February 8 attack. It happened three months before elections, raising worries it was part of a campaign by foreign agents to influence Western democracies.
Prime Minister Scott Morrison said the attacks, thwarted early, were from a “sophisticated state actor.” That triggered concern locally that China — accused in 2017 of interfering in Australian domestic affairs — was behind the attack. Australia blamed Beijing for an attack in December. China has called suspicions it was behind cyberattacks irresponsible and baseless.
Mr Yoo thinks blaming Chinese agents was a false flag. Resecurity had monitored the Mabna group’s activities for several years.
Iran’s cyber soldiers, according to FBI investigators, have been conducting “password spray attacks” using easy-to-guess passwords. Iranian hackers were blamed in November for a cybersecurity breach and extortion attempt on Australia’s Austal, which builds littoral combat ships for the US Navy.
Mabna frequently targets organisations using cloud-based applications that require a single authentication token, often across multiple computer systems or even organisations, the FBI says. It focuses on Microsoft Office 365 users, according to the agency. Once inside the systems, the FBI says, Mabna accesses email.
Last year, Iran’s government dismissed charges against Mabna as groundless. The Iranian Embassy in Canberra couldn’t immediately be reached for comment on the new accusation.
The group likely targeted Australia as a close ally of the US and Israel.
President Trump withdrew last year from a 2015 deal that restricted Iran’s nuclear capability in exchange for having economic sanctions against it dropped.
As evidence of the group’s intrusion, Mr Yoo offered a database he said was taken from the Australian parliament mail server. It comprised 7354 records containing information about politicians and staff. Accessing it would have required at least one hacked email account on the parliament computer server, he said.
The database, reviewed by The Wall Street Journal, includes email addresses, phone numbers and contact details for staff and ministerial advisers in most parties. The initial compromised email has since been deactivated, he said.
Cyber experts said the documents appeared authentic and probably came from a hacker’s cloud-based server but didn’t prove Iran’s involvement. “It’s more a proof-of-life document. It doesn’t really tell us anything at all about attribution,” said Tom Uren, an Australian Strategic Policy Institute computer-security analyst.
An Australian cyberdefence agency official said the hackers had used malicious computer software, or malware, as well as techniques not seen previously that have since been shared with allies.
Resecurity’s report follows a warning by US intelligence officials that China, Iran, North Korea and Russia were intensifying cyber operations against Western rivals.
The Wall Street Journal