Cylance has just released its “Operation Cleaver” report. After two years of investigation, Cylance concludes:

Since at least 2012, Iranian actors have directly attacked, established persistence in, and extracted highly sensitive materials from the networks of government agencies and major critical infrastructure companies in the following countries: Canada, China, England, France, Germany, India, Israel, Kuwait, Mexico, Pakistan, Qatar, Saudi Arabia, South Korea, Turkey, United Arab Emirates, and the United States.

Cylance provides this map of the victims:

[Image: Cylance map of the victims]

Source: Cylance

How did the attackers gain access to the targeted systems? Cylance reports that the attackers used SQL injection and spearphishing. Spearphishing uses highly targeted, deceptive emails to trick users into compromising their systems. Operation Cleaver details the clever domains that the attackers created and used to add credibility to their attack emails. For example, the fake domains Teledyne-Jobs.com, Doosan-Job.com and NorthropGrumman.net were used to deceive victims into believing they were being recruited by legitimate employers.
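The sketch below is an added example, not code from Cylance or from any product. It shows how a mail filter could flag sender domains that borrow a known employer's name, as the three fake domains above do. The brand-to-domain allowlist, the function names and the sample From header are assumptions, and the near-miss spelling check goes beyond the cases in the report.

```python
import difflib
from email.utils import parseaddr

# Assumed allowlist: brand keyword -> domains the organisation really sends from.
# Illustrative values only; build this from your own verified records.
BRAND_DOMAINS = {
    "teledyne": {"teledyne.com"},
    "doosan": {"doosan.com"},
    "northropgrumman": {"northropgrumman.com"},
}

def sender_domain(from_header):
    """Extract the domain part from a From header value."""
    return parseaddr(from_header)[1].rpartition("@")[2]

def registrable(domain):
    """Last two labels, lowercased (assumes single-label TLDs such as .com)."""
    labels = domain.strip().lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def classify(domain, brands=BRAND_DOMAINS, fuzzy=0.85):
    """Return (verdict, brand): 'legitimate', 'lookalike' or 'unrelated'."""
    reg = registrable(domain)
    name = reg.split(".")[0]
    squashed = name.replace("-", "")
    # Exact match on an allowlisted domain (subdomains included) wins first.
    for brand, allowed in brands.items():
        if reg in allowed:
            return ("legitimate", brand)
    for brand in brands:
        # Brand name plus extra words (Teledyne-Jobs) or on another TLD (.net).
        if brand in squashed:
            return ("lookalike", brand)
        # Near-miss spelling of the brand in any hyphen-separated token.
        for token in name.split("-") + [squashed]:
            if difflib.SequenceMatcher(None, token, brand).ratio() >= fuzzy:
                return ("lookalike", brand)
    return ("unrelated", None)

if __name__ == "__main__":
    # Constructed sample header using a domain named in the report.
    header = '"Recruiting" <hr@Teledyne-Jobs.com>'
    print(classify(sender_domain(header)))
```

A "lookalike" verdict is a signal for quarantine or a warning banner rather than proof of an attack, since resellers and fan sites also embed brand names.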

The attackers are targeting users to infiltrate systems. Users need tools that assist them in identifying cleverly constructed spearphishing emails. That is the function of SP Guard.