American officials and corporate security experts examining a new wave of potentially destructive computer attacks striking American corporations, especially energy firms, say they have tracked the attacks back to Iran.
The targets have included several American oil, gas and electricity companies, which government officials have refused to identify. Government officials describe the attacks as probes looking for ways to seize control of critical processing systems.
Government officials and outside experts on Friday confirmed a report in The Wall Street Journal that the source of the attacks had been narrowed to Iran. After investigations, American officials concluded that the Aramco attack, and a subsequent one at Ras Gas, the Qatari energy company, were the work of Iran.
Taken together, officials say, the attacks suggest that Iran’s hacking skills have improved over the past 18 months. The Obama administration has been focused on Iran because the attacks have given the Iranian government a way to retaliate for tightened economic sanctions against it, and for the American and Israeli program that aimed similar attacks, using a virus known as Stuxnet, on the Natanz nuclear enrichment plant.
That effort, code-named Olympic Games, slowed Iran’s progress for months, but also prompted it to create what Iran’s Islamic Revolutionary Guards Corps calls a cyber corps to defend the country.
This week Iran denied being the source of any attacks, and said it had been a victim of American sabotage. The new attacks, officials say, were devised to destroy data and manipulate the machinery that operates critical control systems, like oil pipelines. In the past, government officials have privately warned companies under threat. But Homeland Security was able to issue a broader warning because of an executive order, signed in February, promoting greater information sharing about such threats between the government and private companies that oversee the nation’s critical infrastructure.
An agency called ICS-Cert, which monitors attacks on computer systems that run industrial processes, issued the warning. It said the government was “highly concerned about hostility against critical infrastructure organizations,” and included a link to a previous warning about Shamoon, the virus used in the Saudi Aramco attack last year.
That attack prompted Leon E. Panetta, then defense secretary, to warn of a “cyber-Pearl Harbor” if the United States did not take the threat seriously.
Government officials also say Iran was the source of a separate continuing campaign of attacks on American financial institutions that began last September and has since taken dozens of American banks intermittently offline, costing millions of dollars. But that attack was a less sophisticated “denial of service” effort.