A series of documents, reportedly compiled by an attack group from Iran's Revolutionary Guard Corps, provide a glimpse into how malicious actors are increasingly targeting industrial and building management systems, writes Rotem Bar, senior ICS/OT division manager at BDO Israel
According to a Sky News report obtained from classified documents allegedly from Iran, a cyberattack could sink a cargo ship or blow up a fuel pump at a gas station.
The Sky News report also details how satellite devices are used by the shipping industry globally and how a computer-based system controls lighting, heating, and ventilation in smart buildings worldwide.
According to a security source with knowledge of the five research reports, the 57-page collection was compiled by an offensive cyber unit called Shahid Kaveh, part of Iran's terrorist-linked Islamic Revolutionary Guard Corps (IRGC).
"They are creating a target bank to be used whenever they see fit," said the source, who requested to remain anonymous in the direct discussion of the documents.
Almost all of the reports include a quote that appears to be from Iran's supreme leader, Ali Khamenei: "The Islamic Republic of Iran must become among the world's most powerful in the area of cyber." Sources describe this quote as something like a commander's statement of intent.
The Iranian attack unit 13 is not operating in a vacuum. There are many attack groups for nations, companies, and criminals, with the last two seeking money. Governments do not follow those rules, and their agenda might not be as clear.
We depend on industrial and building management systems for our safety. With millions of such systems globally, the attack groups pose a significant risk to these modern systems that we use in our daily lives.
Rotem Bar is senior ICS/OT division manager at BDO Israel