Sky News managed to obtain 60 pages comprising five internal reports all marked “very confidential” that seem to originate from the Islamic Revolutionary Guard Corps’ (IRGC) Shahid Kaveh, a secret offensive cyber unit. Specifically, they are said to come from a sub-unit of Shahid Kaveh called Intelligence Team 13.
One of the documents focuses on building management systems and mentions Schneider Electric, Honeywell, Siemens and KMC Controls as companies that provide such solutions.
These types of products have been known to be affected by many vulnerabilities that could allow hackers to take complete control of a system. Attackers could trigger alarms, lock or unlock doors and gates, intercept video surveillance streams, control elevator access, manipulate lights and HVAC systems, and disrupt operations.
Another leaked report, dated April 2020, mentioned programmable logic controllers (PLCs) made by Germany-based WAGO. While these types of WAGO devices have been known to contain critical vulnerabilities, the authors of the report have apparently not found a way to exploit them.
The other reports focus on maritime communications, fuel pumps and cargo ships. While the documents describe potentially devastating attacks against these systems, such as sinking a ship or blowing up a fuel pump at a gas station, the authors mainly relied on open source information and they did not appear to possess any advanced knowledge or capabilities.
Iran has been known to target industrial organizations. Its hackers are believed to be behind the destructive Shamoon attacks in the Middle East, and some threat groups are known to focus on ICS-related organizations.
Iranian hackers were blamed for several attacks launched on water facilities in Israel last year, and while authorities claimed that the incidents did not result in any damage, in at least one case the attackers seemed to know how to target industrial systems.
An Iranian group posted a video showing that they had managed to access an industrial system at a water facility in Israel, specifically a human-machine interface (HMI). These hackers did not appear to possess advanced capabilities or knowledge for targeting industrial systems.