U.S. Government Hit by Major Iranian Cyber Operation
The Department of Homeland Security (DHS) issued an emergency directive on Tuesday to all federal agencies to take immediate steps to combat a campaign to redirect internet traffic to websites controlled by malicious actors.

Although DHS did not link this series of malicious operations to Iran, private cyber threat researchers at FireEye concluded that the evidence points to Iranian sponsorship. This operation follows a trend of global Iranian cyber campaigns, as identified in a November FDD report.
While FireEye could only conclude “with moderate confidence” that Iranian actors were responsible for the operation, the firm noted that the “activity aligns with Iranian government interests.” This is consistent with assessments that the Islamic Republic relies on quasi-independent groups to conduct its cyberattacks. In an in-depth study of the cyber threat landscape in Iran, threat intelligence firm Recorded Future concluded that there is “consistent evidence” that cyber operations emanating from Iran are “government-sponsored.”
The scale of this two-year operation is unprecedented. FireEye discovered related activity dating back to January 2017, predating the Trump administration’s maximum pressure campaign against Iran and the U.S. withdrawal from the nuclear deal between Iran and the international community. “We found at least 50 different organizations affected across at least 12 countries — and that’s just what we’ve found so far,” a FireEye senior manager told The Washington Post.