Iran is one of the four nations that pose the highest cyber threats to the United States, along with China, Russia, and North Korea.
On Saturday, January 4, 2020, the U.S. Department of Homeland Security issued a National Terrorism Advisory System Bulletin warning of the terrorism threat posed by Iran, a state that has been designated a “State Sponsor of Terrorism” since 1984. Last year, on April 15, 2019, the U.S. had designated Iran’s Islamic Revolutionary Guard Corps (IRGC) as a Foreign Terrorist Organization for its direct involvement in terrorist plotting.
On January 3, 2020, the United States killed Qasem Soleimani, commander of the IRGC’s Quds Force, in an airstrike in Iraq. The stated purpose of the strike was to protect the U.S. Embassy and its personnel in Baghdad, as Soleimani was actively developing plans to attack American diplomats in Iraq. The killing of the Iranian general, who was a hero to the Iranian regime, heightened tensions between Iran and the U.S., and the regime issued a number of threats and warnings signaling its intention to retaliate.
Because Iran maintains a capable cyber program, one of the most likely avenues for retaliation against the United States is a cyberattack. Iran’s cyber program is, at a minimum, capable of temporarily disrupting critical infrastructure in the United States. It has therefore become crucial for the U.S. Department of Homeland Security to work closely with other government agencies and to partner with the private sector to detect and defend against these threats.
In what ways can national information be compromised through Iran’s cybersecurity attacks?
Iranian cyber actors can target not only U.S. government officials and organizations but also the corporate networks of large companies, disrupting their operations for days to weeks.
While only Russia and China have been regarded as nations capable of disrupting critical infrastructure such as gas pipelines or power grids, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that Iran is continuously improving its offensive cyber capabilities. Iranian “hacktivists” (hackers with political motives) have demonstrated an intent to escalate to attacks using “destructive wiper malware” and “cyber-enabled kinetic attacks.” Wiper malware is malicious software designed to render systems unusable by overwriting or deleting their data and boot records, leaving no way to recover the data other than restoring from backups. Cyber-enabled kinetic attacks hijack the systems that connect the cyber world to physical objects, such as the industrial control systems in factories, utilities, cities, homes, and cars, in order to cause physical effects. Iran’s cyber operations fall into three broad categories: espionage, destructive attacks, and social media manipulation. Across these three areas, security companies track distinct Iranian hacking groups using the Advanced Persistent Threat (APT) naming convention. There may be as many as 10 different Iranian groups in operation, but the most prominent tracked groups are APT33, APT34, APT35, and APT39.
Cybersecurity companies report that while Iran’s cyber capabilities are relatively sophisticated and Iranian actors launch multiple espionage campaigns every month, they have not seen deeply destructive, catastrophic events: most intrusions have resulted in stolen data and login credentials rather than damage. However, even though activity has so far been limited to cyber espionage and data collection, the U.S. is very wary of data-wiping attacks, which Iranian hackers are fully capable of carrying out. Thus, with the start of the new year, the Department of Homeland Security is increasing its detection and defensive measures against intrusion and damage by Iranian hacking groups.
Contact LIFARS Today
For Incident Response Services