Critical Pakistani Networks Compromised By Iranian Hackers

In another series of disturbing revelations, Iranian hackers have penetrated and stolen information from governments and private companies around the world. Pakistan is among the countries affected by the hacks. According to researchers, this operation has been going on since 2012.

Cylance, the security company that has authored the report, says that highly sensitive information has been stolen from government agencies as well as infrastructure companies in the following countries: United States, Britain, Canada, China, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey and the UAE.

The operation has been active since 2012 and governments and major infrastructure companies across the world were the targets of attack

The hacks, which have been dubbed ‘Operation Cleaver’, show that the Iranian hackers managed to infiltrate and conduct surveillance on a global scale. Affected companies are from a wide range of operational fields that include military, oil and gas, energy and utilities, transportation, airlines, airports, hospitals, telecommunications, technology, education, aerospace and other sectors.

Cylance suspects that the main operation is being conducted from Tehran, with smaller cells operating in Canada, Britain and the Netherlands. Detailing Operation Cleaver, the researchers said, “During intense intelligence gathering over the last 24 months, we observed the technical capabilities of the Operation Cleaver team rapidly evolve faster than any previously observed Iranian effort. As Iran’s cyber warfare capabilities continue to morph, the probability of an attack that could impact the physical world at a national or global level is rapidly increasing. Their capabilities have advanced beyond simple website defacements.”

If the operation is left to continue unabated, it is only a matter of time before the world’s physical safety is impacted by it – Researchers

Operation Cleaver is another major security threat that appears to be state sponsored, with multiple Persian-speaking hackers and Iran-registered domains highlighted in the report. Previously, we covered Regin, and this new threat appears to be similar in scope. Warning about the potential ramifications if it is not addressed immediately, Cylance researchers said, “We have uncovered only a fraction of Operation Cleaver’s full scope. If the operation is left to continue unabated, it is only a matter of time before the world’s physical safety is impacted by it.”

The discovery of the Stuxnet worm, which sabotaged uranium-enrichment centrifuges at Iran’s Natanz facility, appears to have triggered this retaliation, which has since ramped up to full-scale cyber warfare. Cylance said, “Stuxnet was an eye-opening event for Iranian authorities, exposing them to the world of physical destruction via electronic means. Retaliation for Stuxnet began almost immediately in 2011.”

Transportation systems in Pakistan were affected and even our airport gates and security control systems were under the control of the hackers

Perhaps what is most concerning about Operation Cleaver is that transportation systems in South Korea, Saudi Arabia and Pakistan were successfully compromised. According to the report, this means that remote infrastructure and supply-chain systems were accessible to a malicious entity. Everything from airport gates to security control systems to payment systems was compromised, and we were none the wiser.

The increasing number of major security breaches goes to show that we need to invest more in defence against such threats. The internet is the battleground where modern warfare is conducted, and the sooner the authorities wake up and realize it, the better.

via Express Tribune

Talal is a Director and the Editor in Chief at ProPakistani.


  • Muhammad Ashraf

    as far as I know, we don’t have electronic boarding gates in place at airports

  • Geekpk

    Meanwhile PTA and FIA Cyber Crime Wing are busy blocking websites.

    • ScarletCrimson

      They have to do something besides swatting flies.

  • STMK

    I don’t know the authenticity of this report published by Pro Pakistani, specifically in the case of Pakistani autonomous technology systems, and as far as I know our systems still need to be updated to the level of hacking first :-)

  • Maxima

    Most of the reports against Iran are biased propaganda structured and formulated by the Americans… the real enemy is the NSA, not the Iranian hackers

    • Shahid Saleem

      You have not been paying attention. Just a few years ago there was an Iranian attack on Gmail using SSL certificates created by an authority in the Netherlands. They had penetrated the CA. And it was not just Gmail.

      That is why Google Chrome has a feature named “certificate pinning”; read up on the history of it.

      And some Iranian hacker posted to pastebin his/their justification for the attacks. The primary TARGET of the attack was Iranian citizens, but they had to go through a Western company to do that. Which they did, successfully.

      So I do not doubt that they CAN do it. And just like in the case of Osama bin Laden, our “radars” were pointed East, not West. Similarly our “network security” was looking for attacks from the East, not the West.

      • Arsalan Shah

        Lol. Network security is network security. It’s not a border; East or West doesn’t matter in it. Do you really think people from the East (India) would be using THEIR OWN IP to hack Pakistan? LMFAO! No one uses their own IP. Cyber security CANNOT be East- or West-dependent. And despite you being such a smart man, do you seriously believe the boll*cks that our radars were pointed East and the radars on the West were dead? LOL again! I hope you aren’t getting your stories from watching Zero Dark Thirty :P

        • Shahid Saleem

          No, I got that from the army: http://defence.pk/threads/the-status-of-pakistans-radar-network-during-us-raid.107254/

          Why, where did you get your news from?

          • Arsalan Shah

            Nowhere. Talking from my own experience.

            Defence.pk is NOT the army. It’s not run by them. It’s a PRIVATE page.

            Secondly, you didn’t answer me concerning my main point about hacking – blocking hacking from the east and not the west.

            Lastly, whatever the OFFICIAL version of the government/ISPR is, it is only meant for donkeys. It hasn’t got anything to do with the truth. There are rumours that the Border Defense System WAS DELIBERATELY turned off on the night of the Abbottabad raid. YRG – ex-PM PK – was also being held responsible in some way for that, along with Asif Ali Zardari (Memo Scandal/Abbottabad Commission). Anyway, what I’ve heard is that the border radar was shut down deliberately for that night. And again, hacking DOES NOT work in the same way as border radars!

        • Shahid Saleem

          When there was a recent article about attacks to NADRA infrastructure, did you miss the fact that it talked about US and India, but no one else? And for your information, Chinese hackers DO get caught using Chinese IP addresses. Go read up on PLA Unit 61398.

          • Arsalan Shah

            Yes. They certainly did. Cuz they were ABLE to trace it. 99% of hacks go untraced, and they are usually never detected, as they remove their traces. The Chinese hack was traced AS the hack was TAKING place, and it was detected/traced/unmasked.

            • Shahid Saleem

              … which is also possible for other types of attacks, at other times, by other entities. Wow, you are so literal it’s so hard to understand your thought processes sometimes.
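Shahid Saleem’s comment above mentions Chrome’s certificate pinning as the response to the compromised Dutch CA. The following is an added example, not code from the article, from Cylance, or from any commenter, showing what a pinning check actually does: it extracts the SubjectPublicKeyInfo from a DER certificate, hashes it in the `pin-sha256` form (base64 of SHA-256 over the SPKI, as Chrome and HTTP Public Key Pinning used), and compares it against a pinned set. Chain validation alone cannot catch a certificate mis-issued by a trusted-but-breached CA; the pin check can. The certificates here are synthetic, built inline with a tiny DER encoder (simplified Name, placeholder signature, key bytes derived from a label rather than real key material), so it runs offline; the hostname `mail.example.com` is a placeholder.

```python
import base64
import hashlib

# ASN.1 tags used below
SEQUENCE, INTEGER, OID, BIT_STRING, PRINTABLE, UTCTIME, CONTEXT0 = (
    0x30, 0x02, 0x06, 0x03, 0x13, 0x17, 0xA0)


def der(tag, content):
    """Encode one DER TLV with a definite length (short or long form)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def der_children(value):
    """Split a constructed DER value into (tag, raw_tlv, inner_value) triples."""
    out, pos = [], 0
    while pos < len(value):
        if pos + 2 > len(value):
            raise ValueError("truncated DER header")
        tag, first = value[pos], value[pos + 1]
        if first < 0x80:
            length, hdr = first, 2
        else:
            nb = first & 0x7F
            length = int.from_bytes(value[pos + 2:pos + 2 + nb], "big")
            hdr = 2 + nb
        end = pos + hdr + length
        if end > len(value):
            raise ValueError("truncated DER value")
        out.append((tag, value[pos:end], value[pos + hdr:end]))
        pos = end
    return out


def extract_spki(cert_der):
    """Return the raw SubjectPublicKeyInfo TLV of a DER-encoded X.509 certificate.

    Certificate    ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    TBSCertificate ::= SEQUENCE { [0] version OPTIONAL, serialNumber, signature,
                                  issuer, validity, subject, subjectPublicKeyInfo, ... }
    """
    top = der_children(cert_der)
    if len(top) != 1 or top[0][0] != SEQUENCE:
        raise ValueError("not a DER certificate")
    tbs = der_children(top[0][2])[0]
    fields = der_children(tbs[2])
    if fields and fields[0][0] == CONTEXT0:   # explicit version present (v2/v3)
        fields = fields[1:]
    if len(fields) < 6 or fields[5][0] != SEQUENCE:
        raise ValueError("unexpected tbsCertificate layout")
    return fields[5][1]


def pin_sha256(spki_der):
    """Pin in the HPKP / Chrome 'pin-sha256' form: base64(SHA-256(SPKI DER))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def check_pins(cert_der, pinned):
    """Accept the certificate only if its public key matches a pinned hash.

    This runs in addition to normal chain validation: a certificate issued by a
    compromised-but-trusted CA passes chain validation and still fails here.
    """
    return pin_sha256(extract_spki(cert_der)) in pinned


# --- constructed test data: synthetic, unsigned certificate-shaped blobs ---
def make_cert(subject, key_bytes):
    """Build a DER blob with the right field order and a placeholder signature."""
    rsa_sig = der(SEQUENCE, der(OID, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))  # sha256WithRSA
    rsa_key = der(SEQUENCE, der(OID, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01") + b"\x05\x00")
    name = der(SEQUENCE, der(PRINTABLE, subject))           # simplified Name
    validity = der(SEQUENCE, der(UTCTIME, b"141201000000Z") + der(UTCTIME, b"151201000000Z"))
    spki = der(SEQUENCE, rsa_key + der(BIT_STRING, b"\x00" + key_bytes))
    tbs = der(SEQUENCE, der(CONTEXT0, der(INTEGER, b"\x02")) + der(INTEGER, b"\x01")
              + rsa_sig + name + validity + name + spki)
    return der(SEQUENCE, tbs + rsa_sig + der(BIT_STRING, b"\x00" + bytes(32)))


GOOD_KEY = hashlib.sha256(b"constructed legitimate key").digest() * 2   # 64 stand-in bytes
ROGUE_KEY = hashlib.sha256(b"constructed attacker key").digest() * 2

LEGIT_CERT = make_cert(b"mail.example.com", GOOD_KEY)
ROGUE_CERT = make_cert(b"mail.example.com", ROGUE_KEY)  # same name, attacker's key
PINS = {pin_sha256(extract_spki(LEGIT_CERT))}            # what the client ships with

if __name__ == "__main__":
    print("legitimate cert accepted:", check_pins(LEGIT_CERT, PINS))
    print("rogue-CA cert accepted:  ", check_pins(ROGUE_CERT, PINS))
```

The rogue certificate carries the same subject name as the legitimate one, which is exactly what a breached CA would issue; the pin check rejects it because the key, not the name, is what is pinned. Real deployments pin against a backup key as well, so that a key rotation does not lock clients out.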

  • JahanZaib Yousaf

    our network security is not up to the mark
    it is easy as pie for hackers

    i think we should form a group of hackers who help the government to make the security better or help to find the loopholes.

    • Hamid Hussan

      Yes, when I tried to check the speed of my broadband, the speedtest website, after analyzing, displayed “labbaik ya hussain” instead of my broadband provider’s name. I was shocked by this and realized that PTCL is also compromised by the attack.

      • Yeah, I have also been getting this name for a long time

  • JahanZaib Yousaf

    Publish it Pro Pakistani

    Dear Customer, please be informed that owing to restrictions imposed by Law; Zong has suspended/cancelled all its Prize Schemes/Promotions/Campaigns. This communication has been made for the purposes of Legal Compliance

  • Kunnka

    We should hire international or national cyber security expert personnel and come up with a clever network security structure to stop this oblivion.

  • Shahid Saleem

    Oh man, what is wrong with you??? That was not an article by the defence site. That was a copied article from a local newspaper. And if you google a little bit you will see similar statements in local papers by the ACM.

    My use of the phrase “east not west” was meant to describe our MENTALITY of where we expect attacks and hacks from, not the actual geographical location of the IPs the hacks came from. Man, use your intellect and stop being so literal.

  • Eli Ehsan

    BUT BUT THEY SAY THAT WE ARE #4thMostIntelligentNation.. THEN HOW? :O

  • Muhammad Atif

    I have a solution: block the WWW and start establishing the CWW, meaning Country Wide Web.
    Between the CWW and the WWW there will be a filtered high-security gate.
    Establishing this gate will stop hackers from hacking into other countries.
    They will be limited to their own countries.

    • Ali

      This is something hilarious :D Certain points are:

      1) There is no such thing as a CWW :D but you can restrict the www to country level, which can easily be broken by VPN or proxy.

      2) Secondly, if we localize everything (you can localize a network, which is different from the WWW or CWW), then how can we share it with others? Let’s say flight scheduling. There is always a sync system on source and destination. (This is just one scenario.)

      3) Lastly, this is not a solution. This is cowardliness. There are techniques to protect an open network area, but Pakistan never takes its security seriously :) neither a developer nor a client :D They are like (F**K security and make shitty products). Even our bank systems have lots of bugs and loopholes. I’ll not talk openly, but this exists – a bitter truth :)

      ** Hope you get my points and concerns.