Iran is one of the biggest threats in cyberspace, according to experts who warn that a global response is needed to repel its rising wave of cyberattacks on government and communications infrastructure worldwide, reported Arab News. Iran’s growing digital prowess is part of its “soft war” strategy to spy on adversaries and spread its rhetoric.
“Iran is increasingly active and a growing cyber threat, though it isn’t the most sophisticated actor,” Michael Eisenstadt, Kahn fellow and director of the military and security studies program at the Washington Institute for Near East Policy, told Arab News. “But as past Russian hacking efforts in the US have shown, you don’t need to be technologically sophisticated to hack and then leak emails, causing embarrassment to adversaries.”
In recent months, cybersecurity firms and tech companies have exposed attacks linked to faceless enemies in Iran.
“Cyber holds a certain appeal. Because of the difficulty attributing responsibility for cyber-attacks, it provides Tehran with a degree of deniability. Perhaps most importantly, it allows Iran to strike its adversaries globally, instantaneously and on a sustained basis, and to achieve strategic effects in ways it can’t in the physical domain. In March 2018, the US government designated an Iranian entity, the Mabna Institute, and nine individuals associated with the institute, for operating a massive hacking and cyber-spying operation that targeted hundreds of universities and companies in dozens of countries to steal proprietary data and academic research, presumably to help Iran’s own research and development efforts, to circumvent sanctions, and to compensate for its economic isolation. These activities had been going on for years,” Eisenstadt said.
Michael Eisenstadt also said there were several attempted strikes on Saudi government and private sector entities using the Shamoon 2.0 malware in 2016 and 2017, and on Italy’s Saipem oil services firm (whose biggest customer is Saudi Aramco) in December 2018.
Joyce Hakmeh, a research fellow of cyber policy and co-editor at the Journal of Cyber Policy at the International Security Department at Chatham House, said Iran has been linked to several attacks in the Middle East, including in Saudi Arabia. One of the biggest attacks was identified in 2012, when an Iranian hacker group deployed the Shamoon computer virus to cripple thousands of hard drives at Saudi Aramco.
Hakmeh said while “attribution is a challenge” when it comes to cyber activity, a host of groups have been linked to Tehran’s terror online, including Magic Hound, MuddyWater, APT33, APT34, APT39, Cobalt Gypsy, Rocket Kitten and NewsBeef. Collectively, these have targeted organizations across the Middle East in industries including finance, government, energy, chemicals and telecommunications.
A 2018 report by the Carnegie Endowment for International Peace noted: “While Iran’s offensive cyber operations have required modest resources to develop, they have allowed Tehran to project itself as an emerging cyber power able to cause significant harm to its adversaries. As judged from the evidence of coordination between security agency actions and observed cyber operations, the campaigns of Iranian threat actors almost certainly have a direct relationship with government entities, specifically the Islamic Revolutionary Guard Corps and the Ministry of Intelligence. Attempts to forecast the future of Iranian cyber operations are constrained by the secrecy on the part of the Iranian state about its activities and an uncertain geo-political climate.”
Eisenstadt said when it comes to the biggest threats in cyberspace, the most formidable actors are Russia followed by China, North Korea and Iran. “Iran’s activities in the cyber domain generally serve its broader foreign policy objectives. In some cases, the goal might be to advance Iran’s propaganda line. In others, it might be to steal intellectual property and proprietary information, in order to circumvent sanctions and benefit its own research and development efforts,” he said.
Hakmeh said countries, especially in the Middle East, need to build resilience against cyberattacks by sharing information, preparing strategies and educating people about good “cyber hygiene,” such as changing passwords. “While Iran for some years has been considered a third-tier threat, the threat is considerable. It’s a country to monitor, to keep on the map,” she added. “It doesn’t have the same capabilities as China, Russia or the US, but it has been able to be very destructive.”
While Iran spreads fake news to support its rhetoric against Israel, Saudi Arabia and the US, its more serious attacks are geopolitically motivated, said Hakmeh. “Most of the attacks that Iran has been linked to are for espionage reasons to get a competitive advantage — Saudi Arabia’s petrochemical industry, for example, to see what technology it’s using — or to gain insight into Saudi Arabia’s military capacities so Iran can enhance its own,” she said.
Dr. Johannes Ullrich, dean of research at the SANS Institute, a US company that specializes in information security and cybersecurity training, said: “Iran is believed to maintain a significant effort to conduct offensive cyber operations against its adversaries. It may not be among the most sophisticated, but it’s very aggressive in applying the skills it has. One technique that has been employed in the attacks is domain hijacking. For this attack, an administrator’s password is used to alter settings for an organization’s domain. The attack itself is pretty simple, and the hard part is to get the administrator’s password. It isn’t clear how the administrator password was obtained in these cases, but typically phishing attacks are used. Overall these attacks aren’t terribly sophisticated, but the impact can be huge.”
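Ullrich describes domain hijacking as altering a domain's settings with a stolen administrator password. The defensive counterpart is to keep a known-good baseline of the domain's DNS records and alert when what resolvers return drifts from it. The script below is an added illustration, not code from the article or from SANS; the domain, record values and the "observed" answers are constructed samples standing in for a live resolver query.

```python
"""Flag unexpected changes to a domain's published DNS records.

With registrar or DNS-provider credentials, a hijacker usually swaps the
NS records (handing the whole zone to other servers) or rewrites A/MX
records for specific hosts. Diffing a trusted baseline against the current
answers surfaces both. All record sets here are constructed samples.
"""
from typing import Dict, List, Set, Tuple

RecordSets = Dict[Tuple[str, str], Set[str]]

# Baseline: records the organization intentionally published (constructed).
BASELINE: RecordSets = {
    ("example.org", "NS"): {"ns1.example-dns.net", "ns2.example-dns.net"},
    ("example.org", "A"): {"203.0.113.10"},
    ("example.org", "MX"): {"mail.example.org"},
}

# Observed: what resolvers answer now (constructed; NS and MX were altered).
OBSERVED: RecordSets = {
    ("example.org", "NS"): {"ns1.unfamiliar.example", "ns2.unfamiliar.example"},
    ("example.org", "A"): {"203.0.113.10"},
    ("example.org", "MX"): {"mail.example.org", "mx.unfamiliar.example"},
}

# NS drift is the most severe: it redirects every record in the zone.
SEVERITY = {"NS": "critical", "MX": "high", "A": "high"}


def detect_drift(baseline: RecordSets, observed: RecordSets) -> List[dict]:
    """Return one finding per (name, type) whose record set changed."""
    findings = []
    for key in sorted(set(baseline) | set(observed)):
        name, rtype = key
        expected = baseline.get(key, set())
        actual = observed.get(key, set())
        added, removed = actual - expected, expected - actual
        if added or removed:
            findings.append({
                "name": name, "type": rtype,
                "severity": SEVERITY.get(rtype, "medium"),
                "added": sorted(added), "removed": sorted(removed),
            })
    return findings


if __name__ == "__main__":
    for f in detect_drift(BASELINE, OBSERVED):
        print(f"[{f['severity']}] {f['name']} {f['type']}: "
              f"added={f['added']} removed={f['removed']}")
```

In practice the observed set would be rebuilt on a schedule from several independent resolvers, since a hijacker changing NS records at the registrar also controls what the domain's own servers answer.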
In recent months, FireEye, a US cybersecurity firm, issued a warning about fake news sites and profiles on Facebook and Twitter that it believed were operated by Tehran as part of its cyber-influence campaign. Such campaigns were also exposed by Twitter, which posted 1 million tweets generated by fake accounts. Facebook said it had deleted dozens of fake profiles.
Experts at the Institute for National Security Studies in the US have said Tehran’s efforts have not been foolproof, with a report noting: “Use of Iranian contact data (such as phone numbers and email addresses), copied content and poor writing has led to their public exposure. Until then, however, Iran managed to reach many people… some content was viewed millions of times, and some earned responses from hundreds of thousands of surfers.”