Shocking Sky News Report, Iranian Cyber Forces Target Several Strategic Infrastructures To Destroy

Illustration of building security forces vulnerable to sabotage. (photo: unsplash)

JAKARTA - According to a Sky News report based on classified documents allegedly from Iran, a cyber attack could sink a cargo ship or blow up a fuel pump at a gas station.

The Sky News report also details how satellite devices are used by the shipping industry globally and how computer-based systems control lighting, heating and ventilation in smart buildings around the world.

According to a security source familiar with five research documents, the 57-page collection was put together by an offensive cyber unit called Shahid Kaveh, part of the Islamic Revolutionary Guard Corps (IRGC) linked to Iranian terrorists.

"They created a target bank to use whenever they wanted," said the source who asked not to be named so that the document would be discussed in person.

Nearly all files include a quote that appears to be from Iran's Supreme Leader Ali Khamenei: "The Islamic Republic of Iran must be one of the most powerful in the world in cyberspace." Sources describe this quote as something like a "commander's statement of intent."

The front page of only two reports mentions the completion date. The first examines what are known as building management systems – computer technology that controls things like lighting, heating, and ventilation in smart buildings – starting November 19, 2020.

Companies that provide this service are listed in the document. Several manufacturers are involved, including Honeywell in the United States; Schneider Electric, a French electrical equipment company; Siemens, a German company; and KMC Controls, another US company.

Another report, which relates to a German company called WAGO, which manufactures electrical components for the industrial automation market, is dated April 19, 2020 and is the most comprehensive.

The file checks for vulnerabilities in programmable logic controllers or PLCs - computer control systems.

“Continuing the investigation, to use this process, we see the vulnerability in this system cannot be fixed. If there is an attack, the damage will not be easily repaired,” the report said.

“Therefore, compared to other PLC brands, this brand is impenetrable once connected online. When online, infrastructure and intelligence in engineering are unreachable and unassailable.

“To our advantage, the best situation is that the PLC is not working as it should, and for that to happen, a project must be written in a 'ladder' language and have as many escape routes, as many as possible. But the problem with this project is that we can't assess the damage caused. Another option is to assess the weak points and dangerous points of PLCs and software to attack our targets. This option requires separate investigation and research before we can find its weak point.”

Iran's Unit 13 attack does not work in a vacuum. There are many attack groups for countries, companies, and criminals, with the latter two seeking money as an incentive. Governments do not follow these rules, and their agenda may not be so clear.

This is why documents describing such targets with openness of attack, as those documents describe, are rarely published or exposed in such a manner.

The document provides a glimpse into how the attacker thinks about the owner of the target and the possible attack vectors and destruction capabilities required to injure the target.

To date, smart building owners haven't added a nation-state to the reference threat options, and by carefully examining the report, it's clear that this is an error that needs to be addressed.

WAGO, a German manufacturer of industrial automation, is one of the attack vectors described in the report. Many types of automation equipment are used in the industrial automation market and with Cloud-PLC services.

Many devices used in industrial automation and building automation are not updated. The vulnerability issue was not addressed, which allowed Iran and other attackers to continue and maintain victim systems for years.

Industrial and building management systems are key to ensuring safety. With millions of systems globally, this group of attackers poses a significant risk to modern life that we are used to in our daily lives.