
Cyber Espionage Seen Expanding to Grasp Trump Policy Changes

  • Iran wants insight on new administration’s plans, FireEye says
  • No drop in Russian hacking in U.S., Europe since election

U.S. government agencies, think tanks and political groups should expect an increase in cyber espionage as countries like Iran try to grasp changing foreign and military policies under the new Trump administration, according to an executive with cybersecurity company FireEye Inc.

Nations regularly spy on one another, but with President Donald Trump espousing unconventional approaches to foreign policy, there is a heightened urgency to know what shifts may occur, according to John Hultquist, FireEye’s manager of cyber espionage analysis.

“We can anticipate worldwide a surge in cyber espionage because of the changing administration, because of America’s rapidly changing foreign policy, military policy, diplomatic policy,” Hultquist said in an interview in San Francisco. “We have created a lot of uncertainty that foreign countries or foreign adversaries are going to try to unravel with these tools.”

Organizations under threat include the State Department, political parties and research institutes that provide insights on how the U.S. posture is developing, Hultquist said.

Recent breaches in Gulf Arab countries, including Saudi Arabia, are believed to have been the result of the computer-killing malware known as Shamoon, linked to Iran. Hultquist said that could be a harbinger for what could happen in the U.S., if Iran decides to move from mere espionage, as it has an interest in “disruptive and destructive attacking.”

‘Put on Notice’

Tensions with Iran have flared under Trump. He’s criticized the Iran nuclear deal made with world powers and earlier in February said Iran was “put on notice” for firing a ballistic missile. Researchers have been tracking cyber espionage from Iran on U.S. entities, Hultquist said.

“The Gulf has already proved to be a canary for the U.S. as far as Iranian activity,” Hultquist said. “Especially given the fact that our relationship with them may change any day now, it’s not unreasonable to anticipate that they will be soon preparing or carrying out some sort of reconnaissance” to plan a cyber attack on a prominent target, he said, adding that FireEye is searching for evidence that Iranian hackers may be preparing for such an attack.

Officials in Iran, which saw its nuclear facilities targeted by a computer virus believed to be linked to Israel and the U.S., have repeatedly denied accusations of hacking.

No Russian ‘Lull’

Meanwhile, there have been no signs of change in Russian cyber activity since U.S. intelligence agencies concluded that President Vladimir Putin’s government was responsible for attacks around the U.S. presidential campaigns. U.S. sanctions in response to the attacks don’t seem to have deterred hackers and there’s not been any “lull” in their cyber activities, including espionage, Hultquist said.

In the past six months, Hultquist said Milpitas, California-based FireEye has seen Russian hackers being “very active” around political institutions in Europe, “where we expect they have a strong interest in the outcomes of different elections.” They’re also carrying out some of the same “information operations” in Europe -- such as using social media trolls -- seen during the U.S. elections. Russia also rejects accusations of hacking.

Nevertheless, in recent months, APT28, a moniker for the same Russian government-linked group that hacked the Democratic National Committee last year, has targeted several ministries of foreign affairs and embassies in Europe and elsewhere, with Eastern Europe being a focus, Hultquist said.
