If you fight with force
You become like that which you fight
An alleged Iranian hacking group whose existence is denied by the state is turning up the heat on its two-year global campaign to pop critical infrastructure systems, Cylance researchers say. The group was tied to Iran by the local infrastructure it was alleged to use in the attacks and appeared to have formed as a response to …
From the article: The report was stripped of attackers' personal information including any 'party photos' uploaded to Facebook.
The attackers are getting a bit bold there, aren't they? This would seem to make a mockery of denials IF the photos and personal info are legitimate. But, it could all be misdirection.
I'm unconvinced by the blaming of Iran.
The complete lack of UK instances seems most unlikely, because as the former colonial power, as a serial meddler in the Middle East, and as the 51st state, the UK is invariably being insulted and attacked by the Iranians. Add to that the combination of technical expertise, accompanied by signposts that are supposed to point to Iran, and this looks like a run-of-the-mill false flag activity to me. Considering that this was an infrastructure attack, was allegedly so clever, is nobody astounded that other than files (supposedly) stolen, no worthwhile damage was done? We're always being warned that our critical infrastructure is vulnerable, so why weren't cities gridlocked? Why wasn't the water network turned off? Why didn't the lights go out?
I'm also unimpressed by the lack of detail on who Cylance are, both here and on Ars. Both stories seem little more than an uncritical précis of Cylance's allegations.
We're supposed to believe that this white hat organisation can follow everything that these hackers are doing, including acquiring the source they use at their home base. I can see backtracking an individual intrusion is possible with cooperation from the targeted organisation, but to trace all these intrusions they would need either global network access or to have owned 'Cleaver's' network.
Similarly, how can Cylance be manipulating DNS on third-party networks unless they're pretty black themselves, or did all these hacked organisations around the world happen to pick the same obscure company to investigate these intrusions they didn't know about?
The only organisations I would suspect of being able to do this level of monitoring are exactly the ones most likely to be doing a false flag operation with Iran as the target.