The network of an unnamed US federal government agency was compromised by Iranian government-sponsored hackers who, starting in February, stole passwords on the network and installed software to generate cryptocurrency, US officials said Wednesday.
The FBI and DHS’s Cybersecurity and Infrastructure Security Agency (CISA) said in a public advisory that Department of Homeland Security officials responded to the breach only in June, when they cleaned up the civilian agency’s network, although the hack likely began in February.
Both CISA and the FBI refused to comment on the development.
The breach is a classic example of how months can pass between the moment a hack occurs and the time it is actually discovered and disclosed, and it is the latest evidence of how Iranian hacking teams, often Tehran government contractors, dabble in self-enrichment schemes.
Although the ultimate motive of the alleged Iranian hackers was unclear, they exploited a widely known vulnerability to access the US government network and install cryptocurrency-mining software that could potentially generate useful revenue for sanctions-hit Iran.
CISA sounded the alarm about that vulnerability in December 2021 and ordered all government agencies to address it immediately.
The Permanent Mission of Iran to the United Nations hasn’t commented yet on the developments although the government in Tehran regularly denies accusations of hacking.
In recent months, US authorities have accused several alleged contractors of the Iranian regime of moonlighting for personal gain, including three Iranians working for IT firms affiliated with the Islamic Revolutionary Guard Corps (IRGC), which is on the United States list of designated terrorist organizations, who were accused in September of hacking and extorting an array of US companies and organizations.
All major world powers, including China, Russia, and the United States, often rely on the hacking programs and staff of contractors, which gives those governments a level of plausible deniability for their often offensive cyber activity and capabilities.