Hackers Deface U.S. Gov Website With Pro-Iran Messages


The Federal Depository Library Program (FDLP) website was defaced over the weekend to show a picture of a bloodied President Donald Trump.

UPDATE

A U.S. government website was vandalized late Saturday by hackers who posted images of a bloodied President Donald Trump being punched in the face and pro-Iran messages.

The defaced website was the Federal Depository Library Program (FDLP) website, which makes U.S. federal government publications available to the public for free. The hackers, who struck as tensions between the U.S. and Iran heat up, claimed to be “Iran cyber security group hackers.” However, there is no evidence at the moment to confirm any attribution to Iran, according to the Department of Homeland Security (DHS).

“We are aware the website of the Federal Depository Library Program (FDLP) was defaced with pro-Iranian, anti-US messaging,” a spokesperson for the Cybersecurity and Infrastructure Security Agency (CISA) told media outlets in a statement. “At this time, there is no confirmation that this was the action of Iranian state-sponsored actors. The website was taken offline and is no longer accessible. CISA is monitoring the situation with FDLP and our federal partners.”

A CISA spokesperson told Threatpost that “a misconfiguration with the content management system allowed a malicious actor to deface the website.” The misconfiguration has been corrected and the website is now operational, the spokesperson said.

Conflict between the U.S. and Iran peaked after U.S. drones on Jan. 3 killed Qassem Soleimani, an Iranian general with the Islamic Revolutionary Guard Corps who was highly esteemed in Iran. On the heels of Soleimani’s killing, Iranian leaders vowed retaliation.

Late Saturday night, hackers referenced the incident on the FDLP landing page, saying: “Martyrdom was his (Shahid Soleymani) reward for years of implacable efforts. With his departure and with God’s power, his work and path will not cease and severe revenge awaits those criminals who have tainted their filthy hands with his blood and the blood of the other martyrs of last night’s incident.”

Hackers also posted a picture of President Trump being punched in the face and bleeding from the mouth, as well as an Iranian flag and what appeared to be Iranian missiles.

“This is only small part of Iran’s cyber ability ! We’re always ready… To be continues …” read the hackers’ message.

As of Monday morning, the FDLP’s website appears to be back up and in operation. Threatpost reached out to the DHS for further information about the hack and has not yet heard back.

However, the U.S. remains on edge about future cyberthreats that Iranian hackers could pose. In a bulletin released on Friday, the DHS said that Iran “maintains a robust cyber program and can execute cyber attacks against the United States.”

“Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States,” the bulletin said. “The Department of Homeland Security is working closely with our federal, state, local, and private sector partners to detect and defend against threats to the Homeland, and will enhance security measures as necessary.”

Security experts say one particularly worrisome cyberthreat from Iran is the deployment of destructive wiper malware – which has the singular purpose of destroying systems or data, usually causing great financial and reputational damage to victim companies.

Iranian hackers have leveraged wiper malware in destructive attacks several times over the past few years. For instance, wiper malware dubbed “ZeroCleare” was discovered targeting the energy and industrial sectors in the Middle East in 2019 and was attributed to APT34, an Iran-based nation-state group.

“Though, for the most part, these incidents did not affect the most sensitive industrial control systems, they did result in serious disruptions to operations,” John Hultquist, director of Intelligence Analysis at FireEye, said in a statement. “We are concerned that attempts by Iranian actors to gain access to industrial control system software providers could be leveraged to gain widespread access to critical infrastructure simultaneously.”

This article was updated Jan. 6 at 3 p.m. ET with further information from CISA.
