Iranian government-sponsored hackers compromised the network of an unnamed US federal government agency starting in February, stealing passwords on the network and installing software to generate cryptocurrency, US officials said Wednesday.
Though the hack likely began in February, officials at the Department of Homeland Security responded to the breach in June to clean up the network of the civilian agency, the FBI and DHS’s Cybersecurity and Infrastructure Security Agency (CISA) said in a public advisory.
The hackers exploited a widely known vulnerability that CISA sounded the alarm about in December 2021 and ordered agencies to address.
It’s an example of how it can take months from when a hack occurs to when it is discovered and disclosed. It also could be the latest evidence that Tehran’s hacking teams, which are often government contractors, dabble in self-enrichment schemes. The hackers allegedly used their access to the US government network to install software that produces cryptocurrency — potentially useful revenue for the sanctions-hit citizens of Iran.
The ultimate motive of the alleged Iranian hackers was unclear. CISA and the FBI did not immediately respond to a request for comment.
The Iranian government regularly denies accusation of hacking. The Iranian Permanent Mission to the United Nations did not immediately respond to a request for comment.
The hacking programs of major world powers, including China and Iran, often rely on contractors that give those governments a level of plausible deniability for the cyber activity. The United States, too, has used contractors to build out its offensive cyber capabilities.
In the case of Iran, US authorities have in recent months accused the Iranian regime’s alleged contractors of moonlighting for personal gain. US officials in September accused three Iranian men of hacking and extorting an array of US companies and organizations while working for IT firms affiliated with the Islamic Revolutionary Guard Corps.