With Iran’s growing expertise and willingness to conduct aggressive cyber operations, Dr Vasileios Karagiannopoulos and Dr Iain Reid examine the threat to the US and its global allies.
5 minutes
A feature of the simmering tensions between has been not just the tit-for-tat missile and drone strikes and assassinations, but accusations of waged by Iran.
On April 23, the US Treasury announced it was sanctioning two Iranian companies and four Iranian individuals for conducting against more than a dozen US companies and government organisations. The Treasury alleged that these organisations and individuals had conducted spear phishing, malware and ransomware attacks, which it said aimed to destabilise important national infrastructure in the US.
This followed an announcement in February that it was linked to the country’s military for what it described as attacks on water and wastewater systems in the US.
Identifying the people behind these attacks can . But the US the hacks are perpetrated by “front companies” and hackers operating for Iran’s Islamic Revolutionary Guard Corps Cyber Electronic Command (IRG-CEC).
The main sanctioned company, (MASN) is identified as regularly launching what is known in the cyber world as advanced persistent threat (APT) attacks.
are long-term attacks on high-value targets such as large companies and government organisations.
MASN was linked in 2019 by cybersecurity giant Symantec (now Gen Digital Inc) with a group it called . Symantec said Tortoiseshell had been since at least July 2018. It was linked with cyberattacks against Saudi Arabian IT providers and Israeli shipping, logistics and financial services companies.
Much less is known about the actions of the second sanctioned company, . But from information available online, it claims to be a software and web development company based in Tehran.
Alongside the sanctions, the US government is (£8 million) and a “plane ticket to somewhere new” for anyone having more information about the hackers in question.
The recent announcement follows a wider pattern of the US cybercrime groups it has identified and linked to rogue activity.
By publicly naming these groups, in this instance, the US says it wants to that the IRG-CEC is using these companies for launching illegal cyber-attacks against international targets. But efforts by the US government to deter state-backed hackers working for governments including Iran, China and Russia have yet to bear fruit.
To date, have ever been apprehended to stand trial in the US.
War in all but name
Washington and Tehran have been at loggerheads since the 1979 revolution. The US imposed sanctions against the Islamic Republic when militant students overran the US embassy in the Iranian capital in November 1979 sparking the 400-day hostage crisis.
They have with various levels of intensity. This, despite efforts by the Obama administration to move towards normalisation, with the signing in 2015 of an agreement under which Iran agreed to limit its nuclear programme in return for an easing of sanctions.
Donald Trump .
The first major act of cyberwar between the two countries was, in fact, the , a . Stuxnet drove a wrecking ball through Iran’s nuclear facilities in 2010. The virus manipulated control systems and caused centrifuges to overheat. This caused serious damage and set Iran’s nuclear programme back by years.
This incident marked the beginning of an on-again, off-again conflict between the two countries. In 2016, the US Justice Department . It accused the group of hacking into dozens of American banks as well as trying to take over the controls of a small dam in a suburb of New York.
This was the first time the US had publicly accused the Iranian Revolutionary Guard Corps (IRGC) of involvement in cyber-attacks. But it is thought Iran had been targeting the US financial systems with a “systematic campaign of distributed denial of service (DDoS) attacks” since 2011.
After the US assassinated top Iranian general, Qasem Soleimani, in 2020, the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency published an official guidance, to prepare for a possible wave of cyber-attacks from Iran.
At the time the threat was . One expert wrote in the New York Times that: “Tehran is a capable and prolific actor in the realm of cyberwarfare, but it has no proven ability to create large-scale physical damage through cyberoperations.”
Growing threat
However, in recent years Iran seems to have further developed its cyber capabilities. In 2023, the Office of the Director of National Intelligence’s declared that: “Iran’s growing expertise and willingness to conduct aggressive cyber operations make it a major threat to the security of US and allied networks and data.”
Meanwhile, the ranked Iran as tenth among the 30 countries it investigated in 2022 (up from 23rd in 2020). Additionally, in a that offers a new global metric for cybercriminality, Iran is ranked 11th in relation to the impact, professionalism and technical skills of cybercriminals operating in the country.
In the increasingly murky margins of a world where cybercriminals and governments can overlap, Iran’s increasing sophistication in this field cannot be ignored.
, Associate Professor in Cybercrime and Cybersecurity and Co-Director of the Centre for Cybercrime and Economic Crime, and , Course Leader, MSc Cybercrime,
This article is republished from under a Creative Commons license. Read the .
More articles from The Conversation...
The Conversation is an independent source of news analysis and informed comment written by academic experts, working with professional journalists who help share their knowledge with the world.
Russia has tightened its hold over the Sahel region – and now it’s looking to Africa’s west coast
30 April 2024
5 minutes
Fallout: an expertly crafted TV adaptation that manages to incorporate some of the best elements of gameplay
Peter Howell
25 April 2024
5 minutes
A global plastics treaty is being negotiated in Ottawa this week – here’s the latest
Plastic pollution spans the globe, yet national policies are generally not effective enough, and have so far focused primarily on waste management rather than targeting the root cause. To make matters worse, the global trade in plastic waste tends to push waste to parts of the world with the least capacity to manage it.
Antaya March
23 April 2024
6 min read