The Information Technology Organization (ITO) of Iran claimed on Thursday that it detected two major cyberattacks this week.
Details about the alleged attacks were scarce, but Iranian state media said they were the work of “sworn enemies” and one of them struck Iran’s vital seaport infrastructure.
Reuters quoted a statement from Iran’s Ports and Maritime Organization claiming one of the cyberattacks was intended to interrupt the organization’s “missions.”
Iran released even fewer details about the other attack. The Times of Israel (TOI) relayed “unconfirmed reports” from Iranian media that the second cyberattack was directed at Iran’s banking system.
The ITO said several of Iran’s government systems were temporarily shut down as a precaution after the attacks, which were described as “important and on a large scale.” Other Iranian government officials insisted there was “no evidence of widespread attacks on various government agencies.”
TOI recalled that Iran blamed Israel for a major cyberattack against the Bandar Abbas port facility in May, which was in turn a response to Iranian hacking attacks on Israel’s water infrastructure system. Israel describes Bandar Abbas as a hub for Iran’s support of international terrorism. The intrusion into Bandar Abbas’ systems was reportedly crafted to “send a message” to Iran without inflicting much damage.
Infosecurity Magazine noted Iran reported three significant cyberattacks within a week last December, one of them supposedly “sponsored by a foreign state.” Iran’s telecommunications minister implied that that foreign state might be China — an offbeat comment, given that Iran usually blames cyber-espionage on the United States or Israel.
Israel-based security firm ClearSky reported on Friday that a hacking group called “MuddyWater,” linked to the Iranian government, has launched a major ransomware campaign against targets in Israel and elsewhere.
The group, whose methods appear similar to another Iranian threat identified by the FBI in September, uses virus-laced “phishing” emails and direct attacks against email servers to contaminate targeted systems with an exceptionally vicious form of ransomware, which the hackers offer to remove if a ransom is paid.
ClearSky noted that MuddyWater’s malware is so wantonly destructive that victims may have trouble recovering their data even if they pay the ransom. Ransomware attacks are evidently a new pursuit for MuddyWater, which previously conducted low-profile espionage campaigns against government, military, and academic targets.