A group of Iranian hackers going by the online handle of “Iran Cyber Security Group Hackers” has hacked and defaced the official website of the US Federal Depository Library Program (FDLP) and replaced its homepage with one of their own.
The incident took place on January 4th. On the same day, another group of Iranian hackers calling themselves “Shield Iran” targeted Sierra Leone Commercial Bank (slcb.com) and defaced its homepage with a picture of Qasem Soleimani, an Iranian major general in the Islamic Revolutionary Guard Corps (IRGC) who was killed in a targeted U.S. drone strike on 3rd January 2020 in Baghdad, Iraq.
As a result of the defacement, both websites were forced to display messages in support of the Iranian government and against the US government. One of the illustrations on the hacked FDLP site showed US President Donald Trump being punched.
The defacement message also vowed to carry on supporting the oppressed people of the region.
“We will not stop supporting our friends in the region; the oppressed people of Palestine, the oppressed people of Yemen, the people and the Syrian government, the people and government of Iraq, the oppressed people of Bahrain, the true mujahideen resistance in Lebanon and Palestine, [they] will be supported by us,” the message said.
Here’s a full preview of the deface page left by the hackers:
The US Department of Homeland Security has acknowledged the hack and released the following statement:
“We are aware the website of the Federal Depository Library Program [FDLP] was defaced with pro-Iranian, anti-US messaging,” the spokesperson said in a statement. “At this time, there is no confirmation that this was the action of Iranian state-sponsored actors. The website was taken offline and is no longer accessible. CISA [the Cybersecurity and Infrastructure Security Agency] is monitoring the situation with FDLP and our federal partners.”
While things between Iran and the United States are escalating on the ground, the US government believes that Iranian hackers are gearing up for cyberattacks on its critical infrastructure. In a tweet, Chris Krebs, director of the Cybersecurity and Infrastructure Security Agency, warned the following:
Given recent developments, re-upping our statement from the summer.
Bottom line: time to brush up on Iranian TTPs and pay close attention to your critical systems, particularly ICS. Make sure you’re also watching third party accesses! https://t.co/4G1P0WvjhS
— Chris Krebs (@CISAKrebs) January 3, 2020
It is worth mentioning that Iranian hackers backed by their government are highly sophisticated and use Syrian Electronic Army-style social engineering attacks. Currently, Iranian hackers are equipped with several highly dangerous pieces of malware, including Stuxnet.
At the time of publishing this article, FDLP and SLCB’s websites were offline. However, stay tuned; there is a lot more to come.