Iran investigating third cyberattack in a week

The attack was repelled by the Islamic Republic's security shield, known as Dezhfa, as two other cyberattacks were reported last week.

A computer engineer checks equipment at an internet service provider in Tehran February 15, 2011 (photo credit: CAREN FIROUZ / REUTERS)
Iran is investigating a foreign spying malware attack on government servers in the third cyberattack reported in the Islamic Republic in the past week.
Minister of Communications and Information Technology Mohammad Javad Azari Jahromi claimed that "an organized cyberattack against Iran's E-government infrastructures was identified and repelled by the security shield," according to the Iranian Fars News Agency.
Jahromi stated that the attack was an APT27 attack aimed at obtaining information. APT27 is the name of a Chinese-speaking entity that has been involved in multiple malware attack campaigns in Central Asia and against government entities, according to a report by Kaspersky, a cybersecurity provider.
The suspects behind the attack were "tracked" and the victims of the attack have been identified, according to Jahromi.
Last Wednesday, Jahromi announced that a large-scale cyberattack organized by a foreign state had been thwarted by the country's "security shield."
"Recently, we faced a highly-organized and state-sponsored attack against the infrastructures of the electronic government and it was identified and repelled by the country's security shield," said Jahromi, according to Fars. Jahromi could not say which state carried out the attack, adding that a report about the attack would be released later.
In another cyberattack last week, the banking details of approximately 15 million Iranians were published on the Telegram messaging platform.
Jahromi stated that the attack was the work of a “disgruntled contractor who had access to the accounts and had exposed them as part of an extortion attempt,” according to The New York Times. Cyber experts have disputed this, the newspaper wrote, pointing out that the breach is so large that it was more likely the work of a foreign state or state-funded body.
The attack targeted customers of Iran’s three largest banks: Mellat, Tejarat and Sarmayeh. All three banks have been under US sanctions for over a year, accused of transferring money on behalf of Iran’s Islamic Revolutionary Guards Corps.
Jahromi claimed that the Islamic Republic's national cybersecurity wall, known as Digital Fortress or Dezhfa, has helped thwart 33 million cyberattacks against the country in the past year, according to Fars.
“[The] United States’ unilateralism and use of sanctions is a threat to international cybersecurity, and the solution to global cybersecurity problems lies in using multilateral mechanisms," stated Jahromi.
Iran's "indigenous firewall is currently installed on all industrial control systems operating under the Siemens brand," Jahromi explained in May.
Dezhfa was designed and developed by young Iranian scientists and successfully tested on industrial automation systems, according to an Instagram post by Jahromi.
Iran is currently in the process of developing a national intranet system, known as the National Information Network (NIN), in order to cut the country's dependency on international cyberspace, according to Radio Farda. The network will also prevent Virtual Private Networks (VPNs) from helping Iranians bypass the Islamic Republic's censorship of the Internet, as data requests won't be routed outside the country.
The plan was first announced in 2010 with an expected completion date in 2015. In May, the Supreme Council of the Cultural Revolution announced that the NIN is 80% complete.
"All domestic activities, services, applications [and] various types of contents... are included in the national Internet," said Communications and Information Technology Minister Mahmoud Vaezi at the inauguration event in 2016, according to the BBC.
Iran has already blocked access to tens of thousands of sites and services including Twitter and Facebook, although many users use VPNs and proxy sites to bypass the filter.
On Wednesday, Iranian President Hassan Rouhani promised that the NIN would be strengthened so that "people will not need foreign [networks] to meet their needs." The announcement came soon after the government temporarily shut down Internet access throughout the country during anti-government protests, sparking fears among Iranians that they could soon be cut off from accessing the outside world through the Internet.
The intranet would allow the government to decide what content can be accessed by users, removing the need for absolute shutdowns like the one imposed during the protests.
Some Iranian newspapers warned the government against imposing such a decision on citizens, as things could easily spiral out of control as they did after gasoline prices were raised in a sudden decision by the nation's leadership, according to the People's Mojahedin Organization of Iran, an Iranian militant opposition group. A state-run daily called the announcement a "threatening message to the people," while another daily asked, "will the people and the private sector tolerate the Internet shutdown?"
Alex Winston contributed to this report.