Iran has conducted a cyberattack on UK parliament during the summer and inflicted damage to some 9,000 email accounts, Politico reports. The accounts that were hacked include those of the Prime Minister Theresa May as well as other cabinet ministers, according to The Times, which based its report on a secret intelligence assessment. The cyberattack was conducted on June 23 and at first, Russia was blamed.
The discovery comes as May and other world leaders are trying to persuade Washington not to step away from the Iran nuclear accord. On Friday, U.S. President Donald Trump said he will decertify the 2015 Iran agreement because he believes Tehran has continuously violated it. He kicked a decision over whether to restore sanctions back to Congress.
British Prime Minister, along with German Chancellor Angela Merkel and French President Emmanuel Macron, issued a joint statement declaring that they are committed to the Iran pact and its full implementation. They called for Trump and the U.S. Congress to consider the implications to the security of the U.S. and its allies.
This cyberattack is probably Iran’s first major act of cyber-warfare in the UK. During the 12-hour attack, a computer program bombarded parliamentary email accounts. None of May’s emails was at risk because she uses a secure Downing Street account, not her parliamentary one.
An investigation by the National Cyber Security Centre (NCSC) and the National Crime Agency is ongoing. An NCSC spokesperson said: “It would be inappropriate to comment further while inquiries are ongoing.”
Cyber-attacks are not something new for the Iranian regime. Last month, cyber-security company ‘FireEye’ has identified what it says is a hacking group sponsored by the Iranian government that has targeted organizations in the U.S., the Middle East, and Asia.
The firm that gathers cyber intelligence and responds to incidents through its Mandiant subsidiary, said in a report out Wednesday that the Iranian hacking group has targeted companies involved in the petrochemical industry and in military and commercial aviation — perhaps seeking an edge in its regional rivalry with Saudi Arabia. FireEye dubbed the group APT33 — APT stands for “advanced persistent threat” — and says it has hacked targets through spearphishing emails.
“These campaigns demonstrate the depth of Iran’s cyber capabilities,” said John Hultquist, director of intelligence analysis for FireEye. “Actors like APT33, now narrowly focused on the Middle East, are the tools Iran will reach for if they choose to carry out attacks in the future.”
Attributing cyber activity is a matter of detective work. FireEye traced the hackers to Iran in part through a handle, “xman_1365_x,” that the firm linked to an Iranian government software engineer. The report also notes that the hackers’ workday appeared to correspond to Iran’s time zone and Iran’s Saturday to Wednesday work week.