As we discussed last week, the U.S. drone strike that killed General Qassem Soleimani was bound to lead Iranian hackers to seek revenge. Security experts and U.S. government officials issued warnings, urging companies and organizations to ramp up their protection and security efforts. The weekend came and, as expected, hackers got busy. The first confirmed attack was the defacement of the official website of the Federal Depository Library Program, which has since been restored. For a brief moment, the hackers managed to post Tehran’s threats of vengeance, along with an image of President Trump getting punched.
U.S. officials couldn’t confirm that Iranian hackers were indeed behind the defacement, or didn’t want to. This wasn’t a catastrophic attack anyway, and the compromised domain is undoubtedly considered to be of secondary importance. This happened on Saturday, and the same group of malicious actors then turned their efforts to other websites, such as those of the Sierra Leone Commercial Bank, the Human Rights Protection Association of India, and the Taiwan Lung Meng Technology Company. This indicates that the group was more interested in spreading its message than in doing real damage.
Austria’s foreign ministry has also informed the public of a "serious cyber attack" that hit it on Saturday, estimating that this was most likely the work of state-sponsored actors. As the statement given at the time of the attack reads: “Due to the gravity and nature of the attack, it cannot be excluded that it is a targeted attack by a state actor.” Whether or not this was the work of pro-Iran actors hasn’t been clarified, so it may be an entirely unrelated incident. Some claim that it concerns an ongoing effort to form a crucial political coalition in the country, which is close to being finalized.
What experts fear now is what we don’t see. Iranian hackers of higher capability could have moved under the radar during the previous weekend, planting malware on more critical targets and preparing much more disruptive attacks. Compromises of high-profile industrial targets and mainstream software platforms may have gone unnoticed by the media, as these attacks are being dealt with by the IT teams of the affected firms.