The FBI Cautions against Iranian Hacker Group Operation Cleaver

The FBI has warned that U.S. businesses could be the targets of Iranian hacking operations, particularly Operation Cleaver, which has claimed dozens of victims already.

The confidential “Flash” report by the FBI outlines technical details about the techniques and software used in the attacks and includes advice on how to thwart the hackers. The document states that the hackers launch attacks from two Iranian IP addresses, but the FBI has not attributed the attacks to the Tehran government. Suspected victims are to contact the FBI, which routinely provides advisories to private industries on dealing with cyber hazards. According to the official agency document, targets may include energy firms, educational institutions, hospitals and the military.

Operation Cleaver was flagged by cyber security firm Cylance Inc. as targeting global critical infrastructure organisations. According to Cylance, the group has already claimed over 50 victims in 16 countries, including the U.S. Operation Cleaver is believed to be the result of state-sponsored cyber warfare, a new trend gaining prominence globally. After monitoring the group for two years, Cylance released over 150 indicators of compromise that can be used to identify Operation Cleaver activity on a network. Cylance’s CEO Stuart McClure added that the FBI warning suggests that the hacking campaign may be bigger than what the company’s research revealed. “It underscores Iran’s determination and fixation on large-scale compromise of critical infrastructure,” McClure said. Unlike the FBI, Cylance believes that the Iranian government is behind the attacks.

The Tehran government began increasing investments in cyber capabilities in 2010 after its nuclear program was attacked by the Stuxnet computer virus, which was believed to have been launched by Israel and the U.S. Iran has been said to be a definite threat, and Iranian hackers are increasingly blamed for worldwide cyber attacks. One such example is a cyber attack which took place in February and infected the servers of the casino operator Las Vegas Sands Corp with destructive malware; the attack was said to be a response to comments made by the company’s CEO about detonating a nuclear bomb in Iran.


Cyber warfare is the new form of terrorism. Large networks will need to invest heavily in cyber security, both because more and more technology is becoming reliant on the internet and in order to protect sensitive information.