Tiger Brokers

Greek firms scan computer systems as Iran war raises cyberattack risks, sources say

Reuters
Mar 18
Greek firms scan computer systems as Iran war raises cyberattack risks, sources say

Advisory cites incident abroad linked with Iran

Iranian-backed hacking group claimed responsibility for attack on U.S. company

So far, no serious breach registered in Greece, sources say

By Renee Maltezou and Yannis Souliotis

ATHENS, March 18 (Reuters) - Greek shipowners and other companies are scanning their computer systems for evidence of cyberattacks after advice from the National Cybersecurity Authority, two sources said on Wednesday following incidents that have been linked to the Iran war.

The authority last week sent an advisory, seen by Reuters, to security officers of shipping companies, banks and firms in the transport, telecommunications, health and energy sectors, a source at the authority said, adding that the move was pre-emptive.

An Iranian-linked hacking group claimed ‌responsibility on March 11 for a cyberattack on U.S.-based medical device and services provider Stryker, according to messages posted to the group's Telegram channel.

Albania has also confirmed a cyberattack on the digital infrastructure of its parliament last week that local media said was by the Iran-linked, self-styled "Homeland Justice" group.

GREEK ADVISORY URGES SCANS

The Greek advisory, marked "high-priority", urged firms to perform the scans and inform security officers of a confirmed incident that affected a "large international organisation" abroad. It did not name it.

It listed indicators of possible compromise, including IP addresses, tools and malware, such as the VShell Remote Access Trojan. Anyone finding evidence of attack should immediately review their systems and block those IPs, it said.

Two separate sources said at least two shipping companies have received the warning. Electronic interference with commercial ship navigation systems has surged in recent days around the Strait of Hormuz and the wider Gulf.

All the sources asked not to be named because they were not authorised to speak to the media.

The first two said Greece had yet to find evidence of a significant attack, although one of them said "some sort of activity" had been tracked.

The Greek advisory said an investigation into the confirmed incident had pointed to an unidentified, sophisticated threat actor using two layers of infrastructure to scan activity, attempt unauthorised access, host malware or run command-and-control mechanisms and avoid being traced.

The second source said that some of the IP addresses listed in the Greek advisory originated from Iran.

(Additional reporting by Fatos Bytyci in Pristina; Editing by Barbara Lewis)

((renee.maltezou@thomsonreuters.com; +30 210 3376439; Reuters Messaging: renee.maltezou.reuters.com@reuters.net/))

At the request of the copyright holder, you need to log in to view this content

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Most Discussed

  1. 1
     
     
     
     
  2. 2
     
     
     
     
  3. 3
     
     
     
     
  4. 4
     
     
     
     
  5. 5
     
     
     
     
  6. 6
     
     
     
     
  7. 7
     
     
     
     
  8. 8
     
     
     
     
  9. 9
     
     
     
     
  10. 10