
The United States' will-they-or-won't-they policy towards military intervention in Iran crystalized over the weekend when the Trump administration gave the green light to target Iranian nuclear infrastructure.
B2 stealth bombers launched from the US mainland dropped bunker-buster ordnance on three of Iran's deeply buried nuclear facilities, drawing praise and condemnation in almost equal measure.
Iran has now said the US "must receive a response" in the wake of the attacks, but what that response might be remains to be seen.
While a military response, targeting US assets in the region, is possible, another, more likely scenario could be a stepping up of Iranian cyber activity.
John Hultquist, chief analyst at Google Threat Intelligence Group, said in a recent statement to Defence Connect's sister-publication, Cyber Daily:
"In light of recent developments, the likelihood of disruptive cyber attacks against US targets by Iranian actors has increased. In recent years, Iran has primarily focused this activity on Israel, especially following October 7th. Those incidents offer useful insight into the capability and limitations of Iranian actors."
However, while an increase in cyber attacks is likely, their impact may be hard to judge in advance.
Hultquist said:
"Iran has had mixed results with disruptive cyber attacks, and they frequently fabricate and exaggerate their effects in an effort to boost their psychological impact. We should be careful not to overestimate these incidents and inadvertently assist the actors. The impacts may still be very serious for individual enterprises, which can prepare by taking many of the same steps they would to prevent ransomware."
Hacktivist groups are already likely beginning to launch distributed denial-of-service (DDoS) campaigns in the wake of the US attacks, but Iran's state-sponsored activity is more focused on espionage.
Hultquist continued:
"Iran already targets the US with cyber espionage, which they use to directly and indirectly gather geopolitical insight and surveil persons of interest. Persons and individuals associated with Iran policy are frequently targeted through organisational and personal accounts and should be on the lookout for social engineering schemes.
"Individuals are also targeted indirectly by Iranian cyber espionage against telecoms, airlines, hospitality, and other organisations who have data that can be used to identify and track persons of interest."
Comment: Pro-Iran hackers are back at work after air strikes, targeting U.S. banks, defense contractors, and oil companies:
Hackers backing Tehran have targeted U.S. banks, defense contractors and oil industry companies following American strikes on Iranian nuclear facilities — but so far have not caused widespread disruptions to critical infrastructure or the economy. But that could change if the ceasefire between Iran and Israel collapses or if independent hacking groups supporting Iran make good on promises to wage their own digital conflict against the U.S., analysts and cyber experts say.
Hacking operations are much cheaper than bullets, planes or nuclear arms — what defense analysts call kinetic warfare. America may be militarily dominant, but its reliance on digital technology poses a vulnerability.
Two pro-Palestinian hacking groups claimed they targeted more than a dozen aviation firms, banks and oil companies following the U.S. strikes over the weekend. The hackers detailed their work in a post on the Telegram messaging service and urged other hackers to follow their lead, according to researchers at the SITE Intelligence Group, which tracks the groups' activity. The attacks were denial-of-service attacks, in which a hacker tries to disrupt a website or online network. "We increase attacks from today," one of the hacker groups, known as Mysterious Team, posted Monday.
While it lacks the technical abilities of China or Russia, Iran has long been known as a "chaos agent" when it comes to using cyberattacks to steal secrets, score political points or frighten opponents. Cyberattacks mounted by Iran's government may end if the ceasefire holds and Tehran looks to avoid another confrontation with the U.S. But hacker groups could still retaliate on Iran's behalf.
In some cases, these groups have ties to military or intelligence agencies. In other cases, they act entirely independently. More than 60 such groups have been identified by researchers at the security firm Trustwave.
Economic disruption, confusion and fear are all the goals of such operations, said Mador, who is based in Israel:
"We saw the same thing in Russia-Ukraine. While Iran lacks the cyberwarfare capabilities of China or Russia, it has repeatedly tried to use its more modest operations to try to spy on foreign leaders — something national security experts predict Tehran is almost certain to try again as it seeks to suss out President Donald Trump's next moves."
Last year, federal authorities charged three Iranian operatives with trying to hack Trump's presidential campaign. It would be wrong to assume Iran has given up those efforts, according to Jake Williams, a former National Security Agency cybersecurity expert.
"It's fairly certain that these limited resources are being used for intelligence collection to understand what Israel or the U.S. might be planning next, rather than performing destructive attacks against U.S. commercial organizations."