In the aftermath of the US assassination of Iranian general Qassem Soleimani and the subsequent Iranian missile attack, tensions between the two countries have been rising. This has created a climate in which Iranian hackers are now targeting the US with password spraying.
Firstly, what exactly is meant by ‘password spraying’? Password spraying attacks try a few generic, frequently used passwords against large numbers of user accounts, rather than many passwords against a single account. The technique is not particularly sophisticated, but it can reap large rewards for black hat hackers.
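As an added illustration (not from the article or from Dragos), the following Python sketch shows how a defender can spot the spray pattern in authentication logs: many distinct accounts failing from one source with only one or two tries each, which is what distinguishes it from a brute-force attack on a single account. The log format, thresholds and IP addresses are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not from the article): 203.0.113.5 tries many
# accounts once each (a spray), 198.51.100.9 hammers one account (brute force).
SAMPLE_LOG = """\
2020-01-10T03:12:01Z AUTH_FAIL user=alice src=203.0.113.5
2020-01-10T03:12:02Z AUTH_FAIL user=bob src=203.0.113.5
2020-01-10T03:12:03Z AUTH_FAIL user=carol src=203.0.113.5
2020-01-10T03:12:04Z AUTH_FAIL user=dave src=203.0.113.5
2020-01-10T03:12:05Z AUTH_FAIL user=erin src=203.0.113.5
2020-01-10T03:12:06Z AUTH_OK user=frank src=203.0.113.5
2020-01-10T03:15:00Z AUTH_FAIL user=alice src=198.51.100.9
2020-01-10T03:15:01Z AUTH_FAIL user=alice src=198.51.100.9
2020-01-10T03:15:02Z AUTH_FAIL user=alice src=198.51.100.9
2020-01-10T04:30:00Z AUTH_FAIL user=grace src=192.0.2.77
"""

# Assumed log line shape: "<ISO timestamp> <AUTH_FAIL|AUTH_OK> user=<u> src=<ip>"
LINE_RE = re.compile(r"^(\S+) (AUTH_FAIL|AUTH_OK) user=(\S+) src=(\S+)$")

def parse(log_text):
    """Yield (timestamp, outcome, user, src); malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m.group(2), m.group(3), m.group(4)

def detect_spray(log_text, window=timedelta(minutes=10), min_accounts=5, max_per_account=2):
    """Flag sources whose failures hit many accounts with few tries each
    (the shape that keeps a spray under per-account lockout thresholds; a
    brute force on one account is not flagged). Returns {src: {...}}."""
    fails, oks = defaultdict(list), defaultdict(list)   # src -> [(ts, user)]
    for ts, outcome, user, src in parse(log_text):
        (fails if outcome == "AUTH_FAIL" else oks)[src].append((ts, user))
    findings = {}
    for src, events in fails.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # Count failures per account inside the sliding window starting here.
            per_user = Counter(u for t, u in events[i:] if t - start <= window)
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                # A success from the same source inside the window is the top signal.
                then_ok = [u for t, u in oks.get(src, []) if start <= t <= start + window]
                findings[src] = {"accounts": len(per_user), "then_ok": then_ok}
                break
    return findings
```

Tune `window`, `min_accounts` and `max_per_account` to the size of the user base and the lockout policy in force; a success following a flagged spray should be escalated first.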
However, the targets of Iranian password spraying can certainly be considered serious. A report from security firm Dragos suggests that Iranian cyberattacks could eventually target the US electricity grid, and that cybersecurity experts in the Middle Eastern country have already begun working towards this nefarious outcome.
Dragos suggested that a group of state-sponsored hackers that it referred to as Magnallium has already engaged in a “broad campaign” of password spraying attacks, with the hope of gaining access to US electric utilities and oil and gas providers via potential vulnerabilities in VPN software.
It is not yet known whether this technique has resulted in any actual breaches, not least because Dragos has declined to comment. But the probing of fundamental US infrastructure systems will certainly be considered alarming by some.
However, the reality is that there is very little prospect of such a crude technique breaching major US systems. Electric utility systems are particularly sophisticated, and breaching them would require a far subtler and more sophisticated approach than the Dragos report indicates.
So password spraying could potentially cause inconvenience and problems for US citizens, but in and of itself it is unlikely to lead to major infrastructure breaches. However, Dragos argues that those overseeing infrastructure networks in the US still need to be aware of the threat that Iranian hackers pose.
Former NSA intelligence analyst Rob Lee told Ars Technica that it is even possible that major systems have already been compromised. “My concern with the Iran situation is not that we’re going to see some new big operation spin up. My concern is with access that groups might already have,” Lee commented.
While energy infrastructure may be a major focus of such password spraying campaigns, they are not limited to this narrow focus. There is also the possibility that Iran is building up multiple points of access that can be used for further attacks in the future. Effectively, Iranian hackers are laying the groundwork for future operations.
Although this may seem worrying for the average American, the long-term threat of password spraying is debatable. Reports have suggested that Iran has breached US electric utilities previously, as have Russia and China, and US hackers also perform similar operations. But bringing down an electricity grid for a prolonged period would be extremely difficult, and it is far more likely that the US could do this to Iran than vice versa.