Image: Press Office of Iranian Supreme Leader/Anadolu Agency/Getty Images
When Iran's Supreme Leader Ayatollah Ali Khamenei warns "harsh retaliation is waiting" for the U.S. after the assassination of its most powerful general, you can expect a mixed bag of vengeance.

For decades General Qassem Soleimani, leader of the elite Quds Force and a commander in the Iranian military branch of the Islamic Revolutionary Guard Corps (IRGC), revolutionized the covert warfare strategies of Iran by orchestrating proxy conflicts across the Middle East. During his time as the top military and intelligence figure in Iran, the country also oversaw a major increase in its cyber capabilities.

While no one knows what comes next, Iran is likely capable of bombings, missile strikes, and mobilizing its military proxies across the region. And recent history shows that its hackers are also increasingly capable of cyber attacks.

It's widely believed that the American-Israeli Stuxnet operation that covertly knocked out Iran's nuclear program in 2009 was a serious wake-up call for Tehran to invest in its hacker force. Since then, the country has slowly shown through its own investments that it is a middling-yet-formidable cyber power with the tools to do real damage.

Like any nation state with decent hackers, Iran uses its varying cyber capabilities for everything from critical infrastructure hacking and stealing intellectual property to classic espionage.

Robert Lee, a former NSA analyst and founder of critical infrastructure intelligence company Dragos, said that while Iran isn't the most powerful cyber power, it shouldn't be underestimated.

"Iran has been steadily growing their cyber capabilities over the years and while they may not be as capable as some they have shown a desire and willingness to be aggressive and disruptive," he told Motherboard.

In what's believed to be one of Iran's first major cyber attacks, in 2012 its hackers knocked out more than 30,000 computers of what is now the most valuable business in the world, the Saudi state oil company Saudi Aramco, preventing it from exporting its crude in one of the costliest hacks ever at the time.

The Saudi Aramco operation used data-wiping malware known as "Shamoon" that targeted the administrative computers of the company, not the industrial control systems used in oil production machinery; the latter would have been a more elaborate and sophisticated attack. But a recent Wired report shows Iranian hackers are increasingly focusing their attacks on critical infrastructure and the physical systems controlling things like oil refineries and electric utilities.

Stateside, an operation from 2011 to 2013 by alleged Iranian hackers caused millions in lost profits after they targeted American banks with repeated distributed-denial-of-service attacks, then hacked into a tiny dam in upstate New York (but weren't able to compromise it), garnering a slew of indictments in 2016 against IRGC operatives based in Iran.

Then, in the summer of 2018, physical explosions were nearly caused at a petrochemical plant in Saudi Arabia, which was originally thought to be an Iranian hacking operation against its regional enemy, but was later attributed to Russia with possible Iranian input. And in October, alleged Russian government hackers were accused of hijacking Iranian hacking groups to cloak their identities from being detected.

Given that hacking operations are already difficult to attribute, and given ongoing fears of Russian hacking in the US (some founded, others not), Russia's potential use of Iranian hacking infrastructure is alarming to Priscilla Moriuchi, Director of Strategic Threat Development at the private intelligence firm Recorded Future.

"The recent documented instances of Russian state-sponsored groups hijacking and utilizing Iranian infrastructure for cyber operations will also likely cause increased uncertainty and possibly confusion for victims," she said to Motherboard in a statement. (Recorded Future was once funded by the CIA, so as with everything hacking-related, take finger-pointing with a grain of salt.)
"It is less clear today that operations utilizing known and tracked Iranian cyber infrastructure are actually being run and directed by the Iranian government."

Lee thinks critical infrastructure companies should be vigilant considering the United States' massive escalation in killing Soleimani.

"Companies should be proactively looking for the tradecraft exhibited by such groups before and be in a heightened sense of security but not overly alarmed," he said. "No one knows what will happen next and it's important to be prepared but not freaking out. If companies haven't made investments to date their best bet is starting with an incident response plan and thinking through future efforts."

On the espionage side, Iranian hackers have been linked to stealing the intellectual property and data of universities within the U.S. and its allies, which led to the Department of Justice indicting nine Iranian hackers linked to the IRGC in 2018. Shortly after that, President Trump pulled out of the Iran Nuclear Deal, causing a slew of activity emanating from Iranian hackers targeting everyone from American nuclear workers to politicians linked to negotiations between both countries as Tehran scrambled to learn more about the dissolution of the treaty.

Stephanie Carvin, assistant professor of international affairs at Carleton University and a former analyst for Canada's spy agency, said Iran has been "alarmingly ambitious in developing its malicious cyber capabilities."

"Closer to home we have seen that Iran has infiltrated Western critical infrastructure, including banks, dams, and universities," she said. "A major worry for western governments is that these could be potential targets in any retaliatory operation."