Iran conducted 'major cyber assault' on key UK infrastructure

Alistair Bunkall, defence and security correspondent

Iran is being blamed for a wave of cyber attacks that targeted key parts of the UK's national infrastructure in a major assault just before Christmas.

It is understood that private sector companies, including banks, were also compromised in what has been described as an "ongoing" campaign.

Sky News has learnt that the Post Office and local government networks were both hit in coordinated attacks on 23 December.

The National Cyber Security Centre said it was "aware of a cyber incident affecting some UK organisations in late 2018" and that it was "working with victims and advising on mitigation measures".

Personal details belonging to thousands of employees were stolen, including the email address and mobile phone number of the Post Office chief executive Paula Vennells.

Analysis by cyber security experts in California has concluded that a group connected to the Iranian Revolutionary Guard was responsible for this attack and the attack on the parliamentary network in 2017.

Sky News has seen the 10,204 data records that were stolen from the parliament global address lists during that attack, including addresses, company positions and phone numbers.

The mobile phone numbers of at least 10 peers and MPs were among the compromised data.

Lewis Henderson, vice-president of threat intelligence at cyber security company Glasswall, said the data could be used to start a deeper attack.

"As we've seen, you can do anything... influence elections, in particular. You can start to impersonate people within that government as well and be utterly convincing," he said.

"The levels of trust that the global address list puts in place is completely eroded once you've lost that information, once it's out there in the hands of the attackers.

"We know that they could be impersonating members of our own government and starting to alter and disrupt communications."

Sky News has informed British security services of the findings, and although they haven't publicly confirmed Iran's involvement, four separate security sources say they believe it to be accurate.

It is further confirmation that Iran is engaged in an ongoing cyber campaign against the West after nine key leaders and affiliates of a group called The Mabna Institute were indicted by the FBI in February 2018.

The Mabna Institute is linked to the Iranian government.

The charges included aggravated access to computer systems, wire fraud and stealing proprietary data.

The FBI said that victims of the group included approximately 144 US universities, 176 foreign universities in 21 countries, two international NGOs, five federal and state agencies in the US, and 11 private foreign companies.

It is understood the group was reorganised following those indictments, but continues to operate in a splintered form and now includes hackers from Lebanon, Palestine and Syria.

Emily Orton, co-founder of the cyber firm Darktrace, says the problem is severe: "We're in the Wild West of hacking at the moment. If you speak to any of the critical infrastructure providers in this country or any other, you will see that they are dealing with attacks like this pretty much on a daily basis."

Last month, at the Munich Security Conference in Germany, Iran was described by one European intelligence chief as being a major cyber threat to the West, third only in its behaviour to Russia and China.

Meanwhile, last week, 99 websites used by Iranian hackers to launch cyberattacks were seized by Microsoft after the tech firm took a hacking group to court.

Microsoft said the group, which it calls Phosphorus and others call APT35, has tried to steal sensitive information from activists, journalists and others in the Middle East.