Iran is targeting industrial control systems, according to Microsoft security researchers and reported by Ars Technica. The scale of the attempted hacking is incredible, with the Iranian group targeting about 2000 organizations per month.
Motivations behind the attacks are not yet clear. While the US government was concerned that Iran may retaliate in the cybersecurity space. In response, the late December drone strike on their general, this appears to have begun before that. It’s possible that this is laying the groundwork for a larger attack later on.
Given the number of organizations that directly and indirectly support Y12 and Oak Ridge National Laboratory it seems prudent to assume that some of these organizations that are targeted include those in East Tennessee.
It’s a great example of why we block Internet traffic for our managed customers from countries such as Iran. While not a panacea, it goes a long way toward securing the network.
If you’re interested in having a conversation with us about how to better secure your network. Give us a call at 865-240-2716.