Iran’s Telecommunications minister has criticized the government’s cyber-attack monitoring center for failing to detect an attack that led to the hacking of several Iranian data centers on the evening of April 6, despite a warning about the attack ten days before it took place.
Mohammad Javad Azari Jahromi first said in a tweet Friday evening “Several Iranian data centers came under cyber attacks tonight. Some of the smaller routers have been changed to factory setting.”
Later, in another tweet, Jahromi claimed that MAHER, Persian acronym for the Computer-related Events Operation and Coordination Center, “Has monitored and controlled the attack and the data centers’ settings have been brought back to normal.”
One day after the cyber-attack, Jahromi said that MAHER should have issued a “special warning.” He promised that his ministry would investigate and deal with the failure.
MAHER announced on Saturday, “Major companies and data centers including Afra Net, Asia Tech, Shuttle, Pars Online and Respina have resumed their normal operations.”
Iran’s Telecommunications Ministry revealed on Saturday that ten days ago CISCO, the US company that manufactures network equipment had warned about the vulnerability of the router switches that were attacked Friday night.
The ministry said that many companies freeze their networks’ settings during holidays, and that the companies did not update their settings as MAHER failed to inform them of the imminent attack. Friday is a weekend day in Iran.
A number of Iranian websites were reportedly “down” for several hours following the Friday night attack.
The Ministry of Telecommunications and Information Technology says that 35 thousand router switches have been attacked by hackers.
The data companies Respina, ISIRAN, and Shuttle were most seriously affected by the attack, said the ministry.
Explaining about the origin of the attack, the ministry said, “An image of the US flag that was used in hacking with a slogan about intervention in US elections, as well as the timing of the attack indicate that it has not originated in the Middle East.”
IRGC-linked Fars news agency quoted U.S. Cert, a US government computer emergency center, as attributing the attack to the Russian government.
There seems to be no trace of such a statement by the U.S. Cert. Fars might be referring to a previous general warning by the agency about Russian hackers.
Meanwhile, Symantec, a pioneer company in the area of confronting cyber attacks, says Dragon Fly hacking group is responsible for the attack.
Iranian administrative centers’ website have been subjected to several cyber attacks during previous years.
Iran’s Oil Ministry was targeted by a major cyber attack in 2012, when the ministry and the National Iranian Oil Company’s communication system and internet network were hacked.
In June 2016, hackers made inaccessible the websites of the Iranian Statistical Center, State Registrar Office, and several Foreign Ministry websites including those of Iran’s embassies in Argentina, Ukraine,Russia and Kyrgyzstan.
The Iranian Cyber Space Police claimed at the time that three Saudi-linked companies were involved in the attack. Nevertheless, the cyber crimes investigation center of the Islamic Revolution Guards Corps (IRGC) announced that it has arrested the hackers.
In February 2018 hackers defaced the websites of a number of Iranian newspapers including Qanoun, Arman and Setareh Sobh. Iranian authorities later claimed that the attack had originated from the US and UK.
Since 2012, Iran has been named responsible for cyber attacks on a few U.S. banks, a dam near New York, and for an attempt to hack Obama administration officials’ user accounts.
A Carnegie Endowment for International Peace report released in January said that Iranian intelligence organizations, like their counterparts in other countries, have been increasingly involved in cyber intelligence and cyber attacks, targeting Iranian opposition in Iran and abroad as well as civil right institutions, government offices and businesses in the US, Israel, Germany and Saudi Arabia.
The report which was focused on Iran’s destructive activity in cyber space, said Iran uses misleading user accounts as cover in order to conceal its responsibility while taking credit for its hacking capability.
Recently the U.S. imposed sanctions against 10 Iranian real and legal entities on charges of hacking hundreds of U.S. and international universities.
Meanwhile, last September Iran was accused of involvement in hacking user accounts of a number of members of the British Parliament.