While Iran is unlikely to match the cyber capabilities of Russia, China, or even North Korea in the short term, this third-tier actor has already racked up some notable wins. Between 2011 and 2013, in some of their first forays into cyberwarfare, Iranian hackers cost U.S. financial institutions tens of millions of dollars and knocked Saudi Aramco’s business operations offline for months. Over the past two years, Iranian hackers hit more than 200 companies around the world, inflicting hundreds of millions of dollars’ worth of damage, according to a new Microsoft report. We downplay this evolving menace at our peril.
Too quickly, experts dismiss Iran’s ability to conduct significant operations. After a February breach of the Australian parliament, the Sydney Morning Herald reported that “Australian sources with detailed knowledge of the hack” dismissed a cybersecurity firm’s attribution of the attack to Iranian hackers, claiming that Iran lacks the cyber skills necessary to conduct such a sophisticated operation. While the firm has provided insufficient data to draw definitive conclusions, analysts should not discount Iran out of hand.
After all, Tehran did reportedly conduct a similar operation in 2017 against the British parliament. In that attack, hackers compromised dozens of email accounts belonging to lawmakers by identifying accounts with weak passwords and without two-factor authentication. While Downing Street has not publicly identified the hacker, British news outlets reported that British intelligence has attributed the attack to Iran.
In its annual Worldwide Threat Assessment, the U.S. Intelligence Community concluded that Iranian hackers are only capable of “causing localized, temporary disruptive effects.” Yet, the assessment also cautioned that “Iran uses increasingly sophisticated cyber techniques,” and is attempting to deploy capabilities to attack U.S. and allied critical infrastructure. In fact, as the cybersecurity firm FireEye warned in January, Iranian operations pose a threat to “a wide variety of sectors and individuals on a global scale.” A European Union report released the same month concluded that Iran will likely “intensify state-sponsored cyber threat activities.”
Recent statements from the U.S. and Israeli governments offered further details about the threat. Last month, the Justice Department unsealed an indictment against a U.S. citizen and four Iranian operatives who were targeting U.S. government and intelligence agents. The operatives created fake Facebook profiles to trick victims into accepting friend requests and, in at least one case, adding the fake persona to a private Facebook group “composed primarily of USG Agents.” Although not alleged in the indictment, access to this group likely provided the hackers with additional information and targets to expand their operation.
The indictment indicates, though, that Iran’s use of phishing emails failed to convince the targets to click malicious links and download malware. The emails are poorly written, with grammatical and spelling errors. And yet, the Justice Department noted, had these efforts succeeded or had a victim inadvertently clicked the link, the operation would “have brought serious damage to the United States.”
In fact, a week earlier, DHS had issued an emergency directive to all federal agencies to take steps to protect their infrastructure from an operation posing “significant and imminent risks to agency information and information systems.” While DHS did not attribute the operation to Iran, the emergency directive coincided with the release of a FireEye report on a global campaign targeting the same infrastructure. The company confirmed that its initial research pointed to Iran.
The Israeli military’s outgoing cyber chief, meanwhile, has been raising alarms about Iran’s cyber capabilities. Brigadier-General Noam Sha’ar told Israel Hayom that one of his division’s first operational events was the detection and prevention of an attempt to infiltrate Israel’s home front missile alert system. By corrupting the missile warning system, hackers could have activated false alerts. Even worse, when the system detected incoming rockets, hackers could have prevented sirens from activating so that civilians would not know to take cover.
Sha’ar explained that by tracking Iranian cyber groups, Israel detected the presence of hackers in some of its systems. His division excised the attackers, assessed the damage, determined what reconnaissance Iran had conducted, and reinforced network defenses. In a separate interview, Sha’ar warned that Iran’s expanding capabilities are the most worrying trend in cyberspace.
To be sure, analysts should not inflate Iran’s capabilities. Last year, when a sophisticated and lethal piece of malware was discovered at a Saudi petrochemical plant, news reporting began pointing fingers at Iran. The malware, later linked to the Russian government, targeted industrial control systems and manipulated safety systems that could have caused physical explosions. The misattribution artificially raised alarms about Iranian capabilities.
Still, the United States can ill afford to dismiss Tehran’s capabilities as those of a third-tier cyber actor. An accurate assessment of the threat is the first step to defeating, thwarting, and deterring the Islamic Republic’s cyber army.