Security Group Warns Iranian Hackers Could Target US Electric Utilities


Iranian hacking groups are targeting U.S. electric systems, and intelligence officials worry that escalating tensions between the two countries could only make things worse in the future.

Particularly after the killing of Iranian general Qassem Soleimani earlier this month, industrial control system security firm Dragos said there was reason for officials to be wary.

Dragos on Thursday noticed that a hacking collective called Magnallium had been engaging in “password spraying,” or the practice of guessing thousands of common passwords and using them to target U.S. gas and electricity firms.

Dragos said it knew a related group called Parasite had also been working with Magnallium, trying to expose vulnerabilities in virtual private networking software.

The practice went on throughout 2019 and continues today, Dragos reported.

Magnallium, also known as APT33, Refined Kitten, or Elfin, has previously been linked to Iran and is considered state-sponsored.

Dragos did not comment on whether Magnallium had made any breaches.

But their report makes clear that the hackers didn’t seem to have the sophisticated software to breach the far more specialized systems that control electric systems or oil and gas facilities.

However, given the political climate and the likelihood of Iran trying similar things in the future, Dragos founder and former NSA critical infrastructure threat intelligence analyst Rob Lee said everyone should be ready.

Lee said his concern was less that a new group with more dangerous capabilities would spring out of nowhere than that one already had.

Dragos analyst Joe Slowik said that there was a definite trend of Iranian hackers trying to target oil and gas-related systems, though it wasn’t all they were doing.

Slowik said that the widespread hacking attempts, which could seem “untargeted, sloppy, or noisy,” were nevertheless an opportunity for Magnallium to build up multiple points of entry.

U.S. officials have been warning of digital retaliation by Iran since the killing of Soleimani, saying that relatively small things like the defacing of U.S. websites could blossom into much larger cyber warfare over time.