US sanctions on Iranian hackers underscore growing concern about Islamic Republic’s cyberwarriors


Alongside missile and drone strikes and assassinations, allegations of cyber warfare by Iran are a feature of the simmering tensions between the US, Israel and Iran.

On April 23, the US Treasury announced that it was sanctioning two Iranian companies and four Iranians for carrying out malicious cyber attacks against more than a dozen US companies and government organizations. The Treasury alleges that these organizations and individuals carried out spear phishing, malware and ransomware attacks, which it said were aimed at destabilizing critical US national infrastructure.

This followed an announcement in February that a group of Iranian hackers linked to the country’s military were being sanctioned for “unconscionable and dangerous” attacks on US water and wastewater systems.

Identifying the people behind these attacks is often challenging. But the US is claiming that the hacks are being carried out by “front companies” and hackers operating for the Islamic Revolutionary Guard Corps Cyber Electronic Command (IRG-CEC).

The main sanctioned company, Mehrsam Andisheh Saz Nik (MASN), is identified as regularly launching what are known as advanced persistent threat (APT) attacks.

APTs are long-term attacks on high-value targets such as large companies and government organizations.

Cyber security giant Symantec (now Gen Digital Inc) linked MASN in 2019 with a group called Tortoiseshell. Symantec said Tortoiseshell had been active in the Middle East since at least July 2018. It has been linked to cyber attacks against Saudi Arabian IT providers and Israeli shipping, logistics and financial services companies.

Much less is known about the actions of the second sanctioned company, Dadeh Afzar Arman. But from information available online, it claims to be a software and web development company based in Tehran.

Alongside the sanctions, the US government is offering a reward of US$10 million (£8 million) and a “plane ticket to somewhere new” for anyone with more information about the hackers in question.

The recent announcement follows a broader pattern of the United States naming and shaming cybercrime groups it has identified and linked to rogue activity.

By publicly naming these groups, in this case, the US says it wants to inform the Iranian public that the IRG-CEC is using these companies to launch illegal cyber attacks against international targets. But efforts by the US government to block state-sponsored hackers from working for governments including Iran, China and Russia have yielded results.

To date, no suspect has ever been arrested to stand trial in the US.

War in all but name

Washington and Tehran have been at loggerheads since the 1979 revolution. The US imposed sanctions against the Islamic Republic when military students stormed the US Embassy in the Iranian capital in November 1979, sparking a 400-day hostage crisis.

The sanctions have remained in place since, with varying degrees of intensity. This, despite efforts by the Obama administration to move towards normalization, when an agreement was signed in 2015 under which Iran agreed to limit its nuclear program in exchange for easing sanctions.

Donald Trump withdrew the US from the agreement in 2018.

The first major act of cyber war between the two countries was, in fact, the Stuxnet “worm”, a joint venture between the US and Israel. Stuxnet drove a wrecking ball through Iran’s nuclear facilities in 2010. The virus manipulated control systems and caused centrifuges to overheat. This caused serious damage and set back Iran’s nuclear program for years.

This incident started a recurring conflict between the two countries. In 2016, the United States Department of Justice indicted seven Iranian computer specialists. It accused the group of hacking into dozens of American banks as well as trying to take control of a small dam in a New York suburb.

This was the first time the US publicly accused the Iranian Revolutionary Guard Corps (IRGC) of involvement in cyber attacks. But Iran is thought to have been targeting US financial systems with what the FBI called a “systematic campaign of distributed denial of service (DDoS) attacks” since 2011.

After the assassination of Iranian general Qasem Soleimani by the US in 2020, the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency published official guidance, warning US companies to prepare for a wave of cyber attacks from Iran.

At the time the threat was played down. One expert wrote in the New York Times: “Tehran is a capable and prolific actor in the field of cyber warfare, but it has no proven ability to cause large-scale physical damage through cyber operations.”

A growing threat

However, in recent years Iran appears to have further developed its cyber capabilities. In 2023, the Office of the Director of National Intelligence’s annual threat assessment asserted the following: “Iran’s growing expertise and willingness to conduct offensive cyber operations pose a significant threat to the security of US and allied networks and data.”

Meanwhile, the National Cyber Power Index ranked Iran tenth among the 30 countries it investigated in 2022 (up from 23rd in 2020). Additionally, in a recently published peer-reviewed article offering a new global metric for cybercrime, Iran is ranked 11th in terms of the influence, professionalism and technical skills of cybercriminals operating in the country.

On the edge of an increasingly murky world where cybercriminals and governments can overlap, Iran’s growing sophistication in this area cannot be ignored.

This article from The Conversation is republished under a Creative Commons license. Read the original article.


Iain Reid receives funding from the University of Portsmouth. He is affiliated with the British Psychological Society.

Vasileios Karagiannopoulos does not work for, consult with, own shares in, or receive funding from any company or organization that would benefit from this article, and has not disclosed any relevant connections beyond his academic appointment.
