Jump to content

Main menu Navigation ●Main page ●Contents ●Current events ●Random article ●About Wikipedia ●Contact us ●Donate Contribute ●Help ●Learn to edit ●Community portal ●Recent changes ●Upload file

Search

●Create account ●Log in ●Create account ● Log in Pages for logged out editors learn more ●Contributions ●Talk

Contents

(Top) 1 Cylance report 2 FBI report 3 Iran's reaction 4 See also 5 References 6 External links

Operation Cleaver

●Português Edit links ●Article ●Talk ●Read ●Edit ●View history Tools Actions ●Read ●Edit ●View history General ●What links here ●Related changes ●Upload file ●Special pages ●Permanent link ●Page information ●Cite this page ●Get shortened URL ●Download QR code ●Wikidata item Print/export ●Download as PDF ●Printable version Appearance From Wikipedia, the free encyclopedia

Operation Cleaver, as labelled in a report by American firm Cylance Inc. in late 2014, was a cyberwarfare covert operation targeting critical infrastructure organizations worldwide, allegedly planned and executed by Iran.

Cylance's report was later tacitly acknowledged in a confidential report by Federal Bureau of Investigation (FBI), though Iranian officials denied involvement in the operation.^[1]

Cylance report[edit]

Logo designed by Cylance

In December 2014, California-based cyber security firm Cylance Inc. published results of a 2-year investigation,^[2] an 86-page technical report, indicating that an operation, called "Operation Cleaver", has targeted the military, oil and gas, energy and utilities, transportation, airlines, airports, hospitals and aerospace industries organizations worldwide.^[3]

The title "Operation Cleaver" alludes to frequent uses of the word "cleaver" in the malware's coding.^[4]

According to the report, over 50 entities in 16 countries have been hit by the campaign, based in the United States, Israel, China, Saudi Arabia, India, Germany, France and England among others.^[5] Cylance's research does not name individual companies, but Reuters reports citing "a person familiar with the research" Navy Marine Corps Intranet, Calpine, Saudi Aramco, Pemex, Qatar Airlines and Korean Air were among the specific targets.^[5]

Stuart McClure, Cylance founder and CEO believes that the hackers are sponsored by Iran and have ties to Islamic Revolutionary Guard Corps.^[2]

FBI report[edit]

According to Reuters, the Federal Bureau of Investigation has filed a confidential "Flash" report, providing technical details about malicious software and techniques used in the attacks. The technical document said the hackers typically launch their attacks from two IP addresses that are in Iran, but does not attribute the attacks to the Iranian government.^[5] FBI warned businesses to stay vigilant and to report any suspicious activity spotted on the companies' computer systems.^[3]

Iran's reaction[edit]

Iran has officially denied involvement in the hacking campaign. "This is a baseless and unfounded allegation fabricated to tarnish the Iranian government image, particularly aimed at hampering current nuclear talks", said Hamid Babaei, spokesman for Permanent mission of Islamic Republic of Iran to the United Nations.^[5]

See also[edit]

Cyberwarfare in Iran

References[edit]

^ Finkle, Jim (December 13, 2014). Christian Plumb (ed.). "Exclusive: Iran hackers may target U.S. energy, defense firms, FBI warns". Reuters. Retrieved March 30, 2015.

^ ^a ^b Riley, Michael A; Robertson, Jordan (December 2, 2014). "Iran-Backed Hackers Target Airports, Carriers: Report". Bloomberg News. Retrieved March 30, 2015.

^ ^a ^b Plummer, Quinten (December 15, 2014). "Operation Cleaver is Bigger Threat than Previously Thought, FBI Warns US Businesses". Tech Times. Retrieved March 30, 2015.

^ Bertrand, Natasha (December 8, 2014). "Iran Is Officially A Real Player In The Global Cyber War". Business Insider. Retrieved March 30, 2015.

^ ^a ^b ^c ^d Finkle, Jim (December 2, 2014). Richard Valdmanis, Christian Plumb and W Simon (ed.). "Iran hackers targeted airlines, energy firms: report". Reuters. Retrieved March 30, 2015.

External links[edit]

Cylance Operation Cleaver Report

v t e Cyberwarfare in Iran
Incidents	Operation Olympic Games Operation Ababil "Operation Newscaster" "Operation Cleaver"
Groups	Elfin Team Charming Kitten
Malware	Stuxnet Flame Duqu Stars virus Mahdi Shamoon
related	Iranian Cyber Army Operation Spider

t

e

Hacking in the 2010s

← 2000s

2020s →

Major incidents

2010	Operation Aurora (publication of 2009 events) Australian cyberattacks Operation Olympic Games Operation ShadowNet Operation Payback
2011	Canadian government DigiNotar DNSChanger HBGary Federal Operation AntiSec PlayStation network outage RSA SecurID compromise
2012	LinkedIn hack Stratfor email leak Operation High Roller
2013	South Korea cyberattack Snapchat hack Cyberterrorism attack of June 25 2013 Yahoo! data breach Singapore cyberattacks
2014	Anthem medical data breach Operation Tovar 2014 celebrity nude photo leak 2014 JPMorgan Chase data breach 2014 Sony Pictures hack Russian hacker password theft 2014 Yahoo! data breach
2015	Office of Personnel Management data breach Hacking Team Ashley Madison data breach VTech data breach Ukrainian Power Grid Cyberattack SWIFT banking hack
2016	Bangladesh Bank robbery Hollywood Presbyterian Medical Center ransomware incident Commission on Elections data breach Democratic National Committee cyber attacks Vietnam Airport Hacks DCCC cyber attacks Indian Bank data breaches Surkov leaks Dyn cyberattack Russian interference in the 2016 U.S. elections 2016 Bitfinex hack
2017	SHAttered 2017 Macron e-mail leaks WannaCry ransomware attack Westminster data breach Petya and NotPetya 2017 Ukraine ransomware attacks Vault7 data breach Equifax data breach Deloitte breach Disqus breach
2018	Trustico Atlanta cyberattack SingHealth data breach
2019	Sri Lanka cyberattack Baltimore ransomware attack Bulgarian revenue agency hack WhatsApp snooping scandal Jeff Bezos phone hacking incident

Advanced
persistent threats

Major vulnerabilities
publicly disclosed

2010	Bad Rabbit Black Energy 2 SpyEye Stuxnet
2011	Coreflood Alureon Duqu Kelihos Metulji botnet Stars
2012	Carna Dexter FBI Flame Mahdi Red October Shamoon
2013	CryptoLocker DarkSeoul
2014	Brambul Black Energy 3 Carbanak Careto DarkHotel Duqu 2.0 FinFisher Gameover ZeuS Regin
2015	Dridex Hidden Tear Rombertik TeslaCrypt
2016	Hitler Jigsaw KeRanger Necurs MEMZ Mirai Pegasus Petya and NotPetya X-Agent
2017	BrickerBot Kirk LogicLocker Rensenware Triton WannaCry XafeCopy
2018	VPNFilter
2019	Grum Joanap NetTraveler R2D2 Tinba Titanium ZeroAccess botnet

Retrieved from "https://en.wikipedia.org/w/index.php?title=Operation_Cleaver&oldid=1130560115" Categories: ●Cyberwarfare in Iran ●Cyberwarfare in the United States ●Cyberattacks ●Hacking in the 2010s ●Cyberattacks on energy sector ●Cybercrime in India ●This page was last edited on 30 December 2022, at 20:08 (UTC). ●Text is available under the Creative Commons Attribution-ShareAlike License 4.0; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization. ●Privacy policy ●About Wikipedia ●Disclaimers ●Contact Wikipedia ●Code of Conduct ●Developers ●Statistics ●Cookie statement ●Mobile view