Live updates: Follow the latest news on the Iran war
The digital fallout from the war between the US and Iran continues to intensify even after the ceasefire announcement, with a recent attack on devices linked to American infrastructure showing a critical failure to follow a “basic” cyber rule, experts have said.
The US federal government sent out an advisory in the hours leading up to the ceasefire saying hackers linked to Iran had attacked the devices. It said that, if unaddressed, the hacks could affect the water, wastewater treatment and energy sectors.
Several programmable logic controllers – basic computers that are often at the heart of manufacturing and other industrial processes – were compromised in the cyber attacks, the advisory read.
“These attacks have led to diminished PLC functionality, manipulation of display data and, in some cases, operational disruption and financial loss,” the US government warned. Some of the attacks resulted in “financial loss and operational disruption”, it added.
The FBI provided instructions to protect PLCs, along with advice on how those with compromised systems could blunt any potential effects.
Aras Nazarovas, a senior information security researcher at Cybernews, said the hacks were not very advanced, and that Iran would probably continue to pursue similar cyber attacks because of the nature of the PLCs used in so many important workflows.
“They took advantage of operational technology systems that were supposed to be isolated but ended up exposed to the internet,” Mr Nazarovas said.
Ideally, he added, PLC devices are supposed to be “air-gapped” – meaning not connected to the internet or any local network.
“In the Iranian attacks on US critical infrastructure, that basic rule wasn’t followed,” Mr Nazarovas said. “Isolation is so important.”
Even before the US and Israel launched strikes on Iran on February 28, cybersecurity experts had warned that Tehran was bolstering its hacking operations.
The cyber attacks, which have been encouraged by the regime in Tehran, come amid a large-scale internet blackout in Iran as authorities seek to control the flow of information.
Data from NetBlocks, which monitors internet governance around the world, indicates that 99 per cent of Iranians do not have access to the internet.
However, the various hacking groups working on Tehran's behalf from inside and outside the country have been unaffected by the shutdown.
Several weeks ago, Handala, a cyber group often linked to Iran, managed to hack FBI director Kash Patel's computer and personal email accounts.
The FBI said the compromised data had not come from its systems, but the hack still marked an alarming shift.
Handala also recently claimed responsibility for an attack on computers and smartphones belonging to Stryker, a Michigan-based medical technology company with about 55,000 employees around the world.
The FBI and the Department of Justice had previously seized control of several websites belonging to Handala, but the group has proven to be adaptable to such challenges.
“As we promised, the voice of Handala cannot be silenced and we will continue on our path until freedom and justice are achieved,” the group recently wrote in a message on its Telegram channel.
