UPDATE: Schumer confirms expected indictment of Iranian hackers for N.Y. dam breach

U.S. Sen. Charles Schumer weighed in on the intrusion of the Bowman Avenue Dam in upstate New York, calling it a “shot across the bow.”

Speaking at a re-election campaign appearance in Lawrence, N.Y., Schumer discussed the cyber-intrusion, which has been attributed to Iranian hackers. He confirmed an expected upcoming federal indictment against the individuals responsible for the breach and said an indictment could come by next month.

The intrusion is the latest in escalating cyber tensions involving Iran. Cylance Vice President of Strategy Jon Miller told SCMagazine.com that the Iranian hackers attacked critical infrastructure targets in the U.S. and internationally. The attackers, whom Miller termed “unsophisticated attackers,” did not successfully evade attribution. The group appeared to be located about 1.5 miles away from Iran's military intelligence location, he added.

The hackers are likely the same group behind Operation Cleaver, an offensive attack by Iranian hackers that breached the U.S. Navy Marine Corps intranet, said Miller.

The Iranian hacking group SOBH Cyber Jihad claimed responsibility for the Bowman Avenue Dam incident, according to Flashpoint Intelligence. “Oftentimes their claims are opportunistic,” a source at the intelligence firm told SCMagazine.com. “It could be this group. Or it could be that they are blowing smoke in our face.”

In December, Parastoo, another Iranian group, posted a message on behalf of SOBH Cyber Jihad in which the latter group claimed responsibility for the attack on the Bowman Avenue Dam. In a report viewed by SCMagazine.com, Flashpoint Intelligence noted, “SOBH Cyber Jihad promised to compile and release a technical report outlining the indicators of compromise for the operation against the Bowman Avenue Dam.” The hacking group has not yet released indicators of compromise, according to Flashpoint Intelligence.

UPDATE: An earlier version of this article stated that security researcher Brian Wallace discovered the Bowman Avenue Dam intrusion. Cylance, Wallace's employer, clarified that DHS notified the officials in the city of Rye of the attack. Wallace worked on research involving Operation Cleaver, a separate cyber incident that was conducted by the same group, according to Cylance. This article has been updated to include additional reporting.
