Inside Operation Cleaver


In late 2014, a cyber espionage campaign dubbed “Operation Cleaver” came to light, offering a detailed look at state-sponsored intrusion activity. Attributed to Iranian threat actors, the operation targeted critical infrastructure and key industries around the world, posing a significant threat to national security and economic stability.

History

Operation Cleaver was uncovered by the cybersecurity firm Cylance, which detailed its findings in a comprehensive report released in December 2014. According to Cylance, the campaign had been active since at least 2012, targeting a wide range of industries and institutions globally. The operation was linked to Iranian hackers, and its name, “Cleaver”, was derived from the word “cleaver”, which appeared repeatedly in the attackers’ custom code and tooling.

Impact

The impact of Operation Cleaver was far-reaching and alarming:

  • Global Reach: The campaign targeted organizations in at least 16 countries, including the United States, Canada, the United Kingdom, Israel, Saudi Arabia, and South Korea.

  • Diverse Targets: Victims included sectors critical to national security and economic stability, such as aerospace, energy, transportation, healthcare, telecommunications, and finance.

  • Strategic Threat: By infiltrating these sectors, the attackers gained a position from which they could steal sensitive information, disrupt critical infrastructure, and potentially cause physical damage to systems and facilities.

The attackers demonstrated a high level of expertise and resourcefulness, adapting their techniques to evade detection and maintain long-term access to compromised networks.

Main Objective

The primary objective of Operation Cleaver was to conduct extensive cyber espionage and gather intelligence that could be leveraged for strategic advantages. The campaign aimed to:

  • Gather Sensitive Information: By infiltrating critical infrastructure and key industries, the attackers sought to collect valuable data, including proprietary technology, details of industrial control systems, and confidential communications.

  • Establish Persistent Access: The operation aimed to maintain long-term access to compromised networks, allowing for ongoing surveillance and data collection.

  • Position for Disruption: The level of access the attackers obtained would have allowed them to disrupt critical infrastructure, with the potential to trigger economic and national security crises.

While the full extent of the attackers’ intentions remains unclear, the potential for widespread damage and disruption was evident.

Written By: Prabuddha Pandey
