Greek firms scan computer systems as Iran war raises cyberattack risks, sources say
The authority last week sent an advisory to security officers of shipping companies, banks and firms in the transport, telecommunications, health and energy sectors, a source at the authority said, adding that the move was pre-emptive. An Irani...
By Reuters |
Agencies
Greek shipowners and other companies are scanning their computer systems for evidence of cyberattacks after advice from the National Cybersecurity Authority, two sources said on Wednesday, following incidents that have been linked to the Iran war.
The authority last week sent an advisory, seen by Reuters, to security officers of shipping companies, banks and firms in the transport, telecommunications, health and energy sectors, a source at the authority said, adding that the move was pre-emptive. An Iranian-linked hacking group claimed responsibility on March 11 for a cyberattack on U.S.-based medical device and services provider Stryker, according to messages posted to the group's Telegram channel.
Albania has also confirmed a cyberattack on the digital infrastructure of its parliament last week that local media said was by the Iran-linked, self-styled "Homeland Justice" group.
Greek advisory urges scans
The Greek advisory, marked "high-priority", urged firms to perform the scans and inform security officers of a confirmed incident that affected a "large international organisation" abroad. It did not name it. It listed indicators of possible compromise, including IP addresses, tools and malware, such as the VShell Remote Access Trojan. Anyone finding evidence of attack should immediately review their systems and block those IPs, it said.
Two separate sources said at least two shipping companies have received the warning. Electronic interference with commercial ship navigation systems has surged in recent days around the Strait of Hormuz and the wider Gulf.
The first two said Greece had yet to find evidence of a significant attack, although one of them said "some sort of activity" had been tracked.
The Greek advisory said an investigation into the confirmed incident had pointed to an unidentified, sophisticated threat actor using two layers of infrastructure to scan activity, attempt unauthorised access, host malware or run command-and-control mechanisms and avoid being traced.
The second source said that some of the IP addresses listed in the Greek advisory originated from Iran.
The authority last week sent an advisory, seen by Reuters, to security officers of shipping companies, banks and firms in the transport, telecommunications, health and energy sectors, a source at the authority said, adding that the move was pre-emptive. An Iranian-linked hacking group claimed responsibility on March 11 for a cyberattack on U.S.-based medical device and services provider Stryker, according to messages posted to the group's Telegram channel.
Albania has also confirmed a cyberattack on the digital infrastructure of its parliament last week that local media said was by the Iran-linked, self-styled "Homeland Justice" group.
Greek advisory urges scans
The Greek advisory, marked "high-priority", urged firms to perform the scans and inform security officers of a confirmed incident that affected a "large international organisation" abroad. It did not name it. It listed indicators of possible compromise, including IP addresses, tools and malware, such as the VShell Remote Access Trojan. Anyone finding evidence of attack should immediately review their systems and block those IPs, it said.
Two separate sources said at least two shipping companies have received the warning. Electronic interference with commercial ship navigation systems has surged in recent days around the Strait of Hormuz and the wider Gulf.
ADVERTISEMENT
All the sources asked not to be named because they were not authorised to speak to the media.The first two said Greece had yet to find evidence of a significant attack, although one of them said "some sort of activity" had been tracked.
The Greek advisory said an investigation into the confirmed incident had pointed to an unidentified, sophisticated threat actor using two layers of infrastructure to scan activity, attempt unauthorised access, host malware or run command-and-control mechanisms and avoid being traced.
The second source said that some of the IP addresses listed in the Greek advisory originated from Iran.
Download
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
Download
The Economic Times News App for Quarterly Results, Latest News in ITR, Business, Share Market, Live Sensex News & More.
The Economic Times News App for Quarterly Results, Latest News in ITR, Business, Share Market, Live Sensex News & More.
Related Articles
Another Anthropic blunder? Did hackers get into its secret Mythos AI system—raising fresh fears about deeper security gaps and powerful cyberattack risks worldwideADVERTISEMENT
