Bapco targeted by Iran-based hackers

Bahrain's national oil company has been targeted by hackers reportedly from Iran, it has emerged.

Details of the data breach at Bapco were confirmed to the GDN yesterday, following the release of a report that claimed Iranian state-sponsored hackers were behind last week’s attack, with the deployment of a new data wiping malware.

“The attack did not have the long-lasting effect hackers might have wanted, as only a portion of Bapco’s computer fleet was impacted, with the company continuing to operate after the malware’s detonation,” said the report published by business technology news website, ZDNet.

It said the December 29 cyber attack on Bapco was detailed by Saudi Arabia’s National Cybersecurity Authority in its security alert.

The GDN has secured the technical report issued by the authority, titled ‘Destructive Attack: Dustman’, which elaborates on the malware’s ability to wipe content on storage devices of targeted systems.

“In 2019, multiple destructive attacks were observed targeting entities within the Middle East,” said the authority’s report, without naming Bapco.

“The National Cyber Security Centre (NCSC), a part of the National Cybersecurity Authority (NCA), detected a new malware named ‘DUSTMAN’ that was detonated on December 29.

“Based on analysed evidence and artefacts found on machines in a victim’s network that were not wiped by the malware.”

The report revealed that the hackers compromised the network and “gained privilege access to the internal infrastructure prior to the destruction activities”.

The GDN contacted officials from Bapco yesterday, who confirmed the hacking incident, but maintained the company’s operations were not affected.

“Bapco operations and supplies in the local and international markets did not face any disruption,” said a company spokesman.

“It was business as usual with no impact.”

The spokesman added that constant upgrades to the company’s systems were being done to deal with new and emerging cyber threats.

The GDN reported yesterday that cyber warfare and drone attacks in the region were identified as potential threats, as tensions escalate between Iran and the US.

Experts warned of Iranian hackers targeting critical infrastructure in the region in retaliation for the US drone strike that killed its top military commander and leader of its elite Quds Force, Qasem Solaimani, last Friday at Baghdad International Airport.

The US Department of Homeland Security last Saturday also issued a security alert in which it warned of “cyber enabled attacks against a range of US base targets”.

It said at the time that Iran maintained a robust cyber programme that could execute attacks against the US and temporarily disrupt critical infrastructure in the US.

Bahrain-based Cougar Specialist Security Services chief executive officer Tom Lockhart also told the GDN yesterday that Iran could continue to target critical infrastructure in the region.

“Critical infrastructure is a prime target for the Iran Revolutionary Guard Corps,” said Mr Lockhart.

“They have a very good cyber capability to the point that major energy providers and government departments in the UK are currently looking at their information technology and cyber defence capabilities and hardening them as required as we speak due to the current situation.”

Tensions between the US and Iran further escalated in the region on Wednesday when Iran launched at least a dozen ballistic missiles against US military forces at the Al Assad and Irbil bases in Iraq.

This was in retaliation for the US drone strike that killed Solaimani and senior Iraqi militia leader Abu Mahdi Al Muhandis.

Bahrain has long been a target for Iranian hackers, with Internet security firm Symantec issuing a notice in 2014 naming Bapco among a list of possible targets of a cyber attack.

Bahraini authorities also launched an investigation in 2017 after militant groups with links to Tehran hacked the Twitter account of Foreign Minister Shaikh Khalid bin Ahmed Al Khalifa.

Viruses

The following year the Interior Ministry announced that more than 40,000 text messages originating from Iran were circulated to disrupt Bahrain’s national elections.

The Information and eGovernment Authority (iGA) chief executive Mohamed Al Qaed also said that between February 2018 and July 2019 they foiled over five million viruses and 2.7m spam e-mails along with over 50m data breach attempts targeting government networks.

Under Bahrain’s laws, hackers face up to one year in jail and up to BD30,000 fine which can reach up to BD50,000 if private information is leaked.

Bahrain also has a hotline, 992, to report electronic related crimes.

Source: http://www.gdnonline.com/Details/726263