This article originated in VOA’s Persian Service.
Britain’s Sky News says U.S.-based cybersecurity experts have found that a group linked to Iran’s Islamic Revolutionary Guard Corps has carried out two cyberattacks on British institutions in recent years.
A Wednesday report by the British news agency said the California-based cyber experts, whom it did not identify, determined that a suspected IRGC-linked group was behind a previously undisclosed attack on British public and private entities on Dec. 23, 2018, and a previously reported attack on the British parliament’s email network on June 23, 2017.
Sky News said it passed the California cyber experts’ findings to British security services, who declined to publicly confirm Iran’s involvement in the two incidents. But the London-based news agency, whose report was cited by several other British news outlets, said four unnamed “security sources” believed the allegations of Iranian involvement to be accurate.
Sky News quoted Britain’s National Cyber Security Center as saying it was “aware of a cyber incident affecting some U.K. organizations in late 2018” and that it was “working with victims and advising on mitigation measures.”
No comment from Iran
There was no immediate response to the report from officials in Iran, which previously has denied using its cyber capabilities for offensive purposes.
The Sky News report said the December 2018 cyberattack targeted the British Post Office, local government networks and private companies, including banks. It said personal details belonging to thousands of employees were stolen, including the email address and mobile phone number of Post Office Chief Executive Paula Vennells. The Post Office had no immediate response to the report.
In a previously undisclosed development related to the June 2017 cyberattack, Sky News said it has seen 10,204 data records stolen from the British parliament’s global address lists in that incident. It said the records contain addresses, company positions and phone numbers, including mobile numbers of at least 10 members of the upper and lower houses of the British parliament.
British news reports published in October 2017 about the June 2017 incident did not contain any details of what if any data had been compromised in the parliamentary email network.
‘Iran is being careful’
Sky News cited Lewis Henderson, vice president of threat intelligence at British cybersecurity company Glasswall Solutions, as saying the suspected stolen records could be used to influence elections.
“You can start to impersonate people within (a) government as well and be utterly convincing,” Henderson told the news agency.
Andy Barratt, a U.K.-based executive of U.S.-headquartered cybersecurity consultancy Coalfire, told another news site, SCMagazineUK.com, that he believed the reported incidents represent an Iranian effort to steal sensitive data from British public sector organizations.
“It’s interesting that Iran is seeking to extract data, rather than bring down core infrastructure like other nation-state attacks have done. North Korea’s WannaCry hack, for example, brought parts of the (British) National Health Service to a standstill,” Barratt said. “It’s possible that Iran is being careful, given the West’s penchant for military activity in the Middle East. But it’s also possible that this was an intelligence gathering exercise to collect the data needed for more targeted espionage in the future.”