Operation Cleaver

Operation Cleaver, as labelled in a report by American firm Cylance Inc. in late 2014, was a cyberwarfare covert operation targeting critical infrastructure organizations worldwide, allegedly planned and executed by Iran.

Cylance's report was later tacitly acknowledged in a confidential report by Federal Bureau of Investigation (FBI), though Iranian officials denied involvement in the operation.

Cylance report
In December 2014, California-based cyber security firm Cylance Inc. published results of a 2-year investigation, an 86-page technical report, indicating that an operation, called "Operation Cleaver", has targeted the military, oil and gas, energy and utilities, transportation, airlines, airports, hospitals and aerospace industries organizations worldwide.

The title "Operation Cleaver" alludes to frequent uses of the word "cleaver" in the malware's coding.

According to the report, over 50 entities in 16 countries have been hit by the campaign, based in the United States, Israel, China, Saudi Arabia, India, Germany, France and England among others. Cylance's research does not name individual companies, but Reuters reports citing "a person familiar with the research" Navy Marine Corps Intranet, Calpine, Saudi Aramco, Pemex, Qatar Airlines and Korean Air were among the specific targets.

Stuart McClure, Cylance founder and CEO believes that the hackers are sponsored by Iran and have ties to Islamic Revolutionary Guard Corps.

FBI report
According to Reuters, the Federal Bureau of Investigation has filed a confidential "Flash" report, providing technical details about malicious software and techniques used in the attacks. The technical document said the hackers typically launch their attacks from two IP addresses that are in Iran, but does not attribute the attacks to the Iranian government. FBI warned businesses to stay vigilant and to report any suspicious activity spotted on the companies' computer systems.

Alleged victims' reaction

 * A Pemex spokesman said the company had not detected any attacks from the Iranian groups but was constantly monitoring.
 * Muhammad Haneef Rana, a spokesman for Pakistan International Airlines, said he wasn’t aware of any threat from hackers and “We are well secured and our firewall is in place”.
 * Korean Air declined to comment.

Iran's reaction
Iran has officially denied involvement in the hacking campaign. "This is a baseless and unfounded allegation fabricated to tarnish the Iranian government image, particularly aimed at hampering current nuclear talks", said Hamid Babaei, spokesman for Permanent mission of Islamic Republic of Iran to the United Nations.