Cyber expert: Iran scientist reports new malware attack

Share

IAEA, meet AC/DC?

On Sunday, Finnish cyber security expert Mikko Hypponen received a series of emails from someone purporting to be a scientist at Iran’s atomic energy organization.

“The scientist reached out to publish information about Iranian nuclear systems getting struck by yet another cyber attack,” Hypponen, wrote on his blog., citing from the scientist’s emails:

I am writing you to inform you that our nuclear program has once again been compromised and attacked by a new worm with exploits which have shut down our automation network at Natanz and another facility Fordo near Qom.

According to the email our cyber experts sent to our teams, they believe a hacker tool Metasploit was used. The hackers had access to our VPN. The automation network and Siemens hardware were attacked and shut down. I only know very little about these cyber issues as I am scientist not a computer expert.

There was also some music playing randomly on several of the workstations during the middle of the night with the volume maxed out. I believe it was playing ‘Thunderstruck’ by AC/DC.

Hypponen, reached by Al Monitor Tuesday, said he has confirmed the emails were coming from Iran’s atomic energy organization, but can’t vouch for the AC/DC breaking out on the work stations., or any of the other details his correspondent provided.

“I only know what the scientist from AEOI told me,” Hypponen told Al Monitor by email Tuesday. “I can’t confirm any of his sayings, but I can confirm the emails were coming from AEOI.”

“He emailed me three times on Sunday,” Hypponen continued, adding that he published the message with his correspondent’s permission. “Since then he hasn’t responded to my emails. He was sending and receiving email at an official aeoi.org.ir address.”

So is the correspondent really who he says? It’s interesting to note that he gave permission for his email to be published. Was he looking for help in halting the alleged malware attack–or publicity? Perhaps a clever information operation meant to stoke more paranoia in the ranks of Iran’s nuclear program.

(Photo: AC/DC lead guitarist Angus Young performs at the O2 Millenium Dome stadium in LondonApril 14, 2009.   REUTERS/Luke MacGrego.)