Iranian hackers infiltrated Qatar’s government networks, airlines and oil and gas firms as part of a two-year campaign targeting critical infrastructure around the world, according to a new report by a US cybersecurity firm.
While Cylance did not name specific victims, Reuters reported that Qatar Airways was among the targets of “Operation Cleaver.”
The attacks centered on the military, aviation, energy and transportation sectors, among others, in 16 countries that included fellow Gulf states Kuwait, Saudi Arabia and the UAE, according to the report.
Backing up previous remarks from US officials, Cylance also blamed Iran for a 2012 attack that took down the corporate computer systems and website of Qatar’s RasGas and Saudi oil giant Aramco.
The US firm warned that the impact of Iran’s campaign could go beyond network downtime and cause real-world damage.
“As Iran’s cyber warfare capabilities continue to morph, the probability of an attack that could impact the physical world at a national or global level is rapidly increasing,” Cylance stated.
“Iran is no longer content to retaliate against the US and Israel alone. They have bigger intentions: to position themselves to impact critical infrastructure globally.”
While Cylance didn’t provide specific local examples, previous reports said an attack on local utility Kahramaa, for example, could disrupt the country’s supply of drinking water.
For its part, a representative of the Iranian government denounced the report.
“This is a baseless and unfounded allegation fabricated to tarnish the Iranian government image, particularly aimed at hampering current nuclear talks,” said Hamid Babaei, a spokesman for Iran’s mission to the United Nations, told Reuters.
Shielding Qatar
Cylance doesn’t say why Iran is focused on specific targets in certain countries, except to speculate that the attacks may be an attempt to gain negotiating leverage in its ongoing discussions surrounding the end of its nuclear program.
Relations between Iran and Qatar appear to be relatively cordial on the surface. However, Qatar’s former foreign minister, Hamad bin Jassim Al Thani, described the relationship in late 2009 as one in which “they lie to us, and we lie to them” in a conversation with US officials, minutes of which were obtained by WikiLeaks.
Iran and Qatar back opposing forces in Syria, where Doha has been vocal in calling for the removal of Syrian President Bashar al-Assad, who is backed by Tehran.
Qatar’s support for fighters seeking to overthrow al-Assad were cited as justification by the Syrian Electronic Army for several cyber attacks in recent years, including taking control of Qatar’s .QA domain name in October 2013 and hacking Twitter and Facebook accounts belonging to Qatar Foundation in March 2013, among others.
Qatar’s government has said it is working with businesses and organizations around the country to better shield critical institutions.
In a speech last April, the Minister of Communication and Information Technology, Hessa Al Jaber, said ictQatar has developed a National Cyber Security Strategy to help fend off attacks. The main points include protecting the country’s critical infrastructure, applying international standards for limiting cyber security threats and encouraging the use of secure online services.
Additionally, Qatar adopted a new cybercrime law earlier this year that introduces new penalties for a range of digital offences such as hacking into government networks.
Thoughts?