Iranian Cyber Attacks Threaten Our Daily Operations

29 July 2021

Rotem Bar, Senior ICS/OT Division manager, BDO Israel

According to a Sky News report based on classified documents allegedly from Iran, a cyber-attack could sink a cargo ship or blow up a fuel pump at a gas station.

The Sky News report also details how satellite devices are used by the shipping industry globally and how a computer-based system controls lighting, heating, and ventilation in smart buildings worldwide.

According to a security source with knowledge of the five research reports, the 57-page collection was gathered by an offensive cyber unit called Shahid Kaveh, part of Iran's terrorist-linked Islamic Revolutionary Guard Corps (IRGC).

"They are creating a target bank to be used whenever they see fit," said the source, who requested to remain anonymous in order to discuss the documents directly.

Almost all of the files include a quote that appears to be from Iran's Supreme Leader, Ali Khamenei: "The Islamic Republic of Iran must become among the world's most powerful in the area of cyber." Sources describe this quote as something like a "commander's intent statement".
The front pages of only two of the reports mention the date of completion.

The first, dated 19 November 2020, examines what is known as a building management system - the computer technology that controls things like lights, heating, and ventilation in smart buildings.

Companies that provide these services are listed in the documents. The manufacturers listed include Honeywell in the United States; Schneider Electric, a French electrical equipment company; Siemens, a German company; and KMC Controls, another US company.

Another report, dated 19 April 2020, is the most comprehensive. It deals with WAGO, a German company that makes electrical components for the industrial automation market.
The file examined vulnerabilities in a programmable logic controller or PLC – a computer control system.

"Continuing the investigation, to use these processes, we noticed the vulnerabilities within these systems are irreparable. If there is an attack, the damage will not be easy to fix," the report said.

"Therefore, compared to other PLC brands, this brand is impenetrable once connected online. When online, the infrastructure and intelligence on engineering cannot be reached and cannot be lost.

"For our benefit, the best situation is for the PLC not to work as intended, and for that to happen, a project must be written in "ladder" language and have multiple exits, as many as possible. But the problem with this project is that we wouldn’t be able to assess the damage caused. The other option is to assess the PLCs and software's weak points and dangerous points to attack our target. This option needs separate investigation and research before we can find the weak points."

The Iranian attack unit 13 is not working in a vacuum. Many attack groups operate on behalf of nations, companies, and criminals, with the last two motivated by money. Governments do not follow those rules, and their agenda might not be as clear.

This is why documents that describe targets and attacks as openly as these do are rarely published or exposed in such a manner.

The document provides a glimpse of how the attackers think about the target organizations, the possible attack vectors, and the destructive capabilities related to each target.
Until now, smart building owners did not include nation-states among their reference threats, and a close examination of the reports makes it clear that this was a mistake that needs to be addressed.

WAGO, a German manufacturer of industrial automation equipment, was one of the attack vectors described in the report. Many types of automation equipment were used in the industrial automation market and with Cloud-PLC service.

Many of the devices used in industrial automation and building automation are not updated. Published vulnerabilities are not addressed, allowing the Iranians and other attackers to keep a foothold on the victims' systems for many years.

Industrial and building management systems are responsible for key aspects of our lives, including our safety. With millions of such systems deployed globally, those attack groups pose a significant risk to the modern life that we have grown used to.

BDO Cyber Israel provides complete security solutions for industrial organizations and building management systems to reduce attack risk and establish true system resilience.

Contact our professionals to have your system checked and vetted for a cyber-attack.
