Through the darkness of the pathways we march, evil and good live side by side; this is the nature of life. We are in a continuous, unbalanced and unequal confrontation between democracies worldwide, which try to play by the rules, and entities that think democracies are a joke. It is a battle of wits between some of the world’s superpowers.
Almost a decade ago, Iran’s nuclear program at Natanz was targeted in a classified covert operation known as “Operation Olympic Games”. The weapon became known to the world as Stuxnet, built by Israel’s Intelligence Corps Unit 8200 in collaboration with the US NSA’s Tailored Access Operations (TAO)/Access Operations (AO-S326) and with the support of the Remote Operations Center (ROC-S321). The weapon was handled and executed by the CIA’s Center for Cyber Intelligence (CCI). Stuxnet wasn’t just about crippling Iran’s nuclear efforts — it was a show of might, power and control.
Iran has been one of the most consistent digital adversaries of the United States in the last decade. It is also among the most nettlesome, with its cyber professionals targeting a broad swath of infrastructure, from hospitals, banks and telecommunication systems to the defense sector and government agencies. These digital strikes show patterns that reveal how the Iranian government uses its cyberspace capabilities in an evolving tit-for-tat conflict.
Recent leaks about the state-sponsored group APT34, commonly known as “OilRig”, by Lab Dookhtegan (“Sewn Lips” in English) highlight the vast arsenal of cyber weapons held by Iran’s Ministry of Intelligence (VAJA).
Tensions escalated between the US and Iran last week following the downing of a US Navy Broad Area Maritime Surveillance (BAMS-D) intelligence, surveillance and reconnaissance aircraft, specifically an RQ-4A Global Hawk high-altitude, long-endurance (HALE) military drone, and the cyber-attack launched by USCYBERCOM on the IRGC. In response, Iran is stepping up its efforts to damage US interests through destructive malware attacks on industrial and government networks.
With “wiper” attacks, they are not only targeting US companies but aiming to do more than just steal data and money. These cyberspace attacks are usually enabled through password spraying, credential stuffing and spear phishing. Tehran-backed miscreants have gone from simply attempting to harvest blueprints, sensitive data and account credentials from American systems to now actively working to wipe clean Uncle Sam’s PCs, servers and network infrastructure.
Rather than covertly and silently snooping on Western computers, Iranian hackers are making their presence known loud and clear by trashing file systems, and thus sending a message to the White House. The East Coast has experienced large internet outages in the last week due to increased malicious cyber activity by Iran.
“We were once penetrated, never again – this time our enemies will see our might,” says an Iranian intelligence official. The evolution of Iranian cyber capabilities did not occur overnight or in a vacuum. It took a decade, developed in a crucible of real-world activities and consolidated from lessons learned from the external threats and attacks against the country’s government and nuclear infrastructure. The opaque nature of the regime makes it difficult to classify precisely the extent of Iran’s defensive and offensive cyber capabilities. The Supreme Council of Cyberspace, the Cyber Defense Command, the Iranian Cyber Army and the Basij Cyber Council are the key pillars of Iran’s cyberspace capabilities.
In the last few years, Iran has increasingly developed into a ‘first-tier cyber power.’ Iran has undoubtedly managed to build a cyber capability which rivals and, in some cases, surpasses those of the US, Russia, the United Kingdom, China and Israel, the dominant players in cyberspace. Iran’s offensive cyber capabilities have evolved from data destruction and DDoS attacks to targeted social engineering, sophisticated cyber espionage campaigns and probes of ICS infrastructure. Olympic Games (Stuxnet) served as a catalyst in kickstarting Iran’s cyber program.
Less than two years later, the Islamic Republic of Iran retaliated against US economic sanctions with a series of cyberattacks on US banks and on regional rival Saudi Arabia’s oil company, Saudi Aramco. Through all these cyber campaigns, Iranian hackers were able to hone their skills, pre-position assets and soften targets for future conflicts, both cyber and otherwise. More importantly, Iran is also engaged in sponsoring the cyber capabilities of terrorist organizations in Yemen, Lebanon and Syria.
The CIA’s communications have suffered multiple catastrophic intelligence compromises at the hands of Iranian-sponsored APTs. One senior CIA intelligence official said, “Heads should roll because of events like this; where there’s a compromise in communication networks, it results in agents getting killed. But to protect people’s careers and egos, we buried counterintelligence problems.”
Sources claim that a recent explosion at the Philadelphia Energy Solutions Refining Complex was the result of a kinetic cyber-attack by Iranian APTs. In 2015, a group tied to the Iranian Revolutionary Guard Corps used spear-phishing attacks to compromise computers at the US State Department, stealing data that may have led to the arrest of multiple Iranians holding dual US citizenship. APT33, APT34, APT35 and APT39 (FireEye designations), the Izz ad-Din al-Qassam Cyber Fighters, Cisco Groups 26, 41 and 83, Madi and Shamoon are some of the Iranian-sponsored groups and actors working offensively in cyberspace.
Cyberspace operations entail less risk and offer Tehran options not provided by any other leg of its current triad. Iran is at this very stage considering the cyberspace battlefield as a way to disrupt US command and control, missile defense, naval and aerial unmanned systems and logistics, which are hosted on classified computer networks. Present network reconnaissance activity suggests that Iran is trying to develop contingency plans to attack and cripple US critical infrastructure.
Iran is seen as a mature cyber adversary which poses a formidable threat to US national security. Reeling from sanctions and already inclined to destructive and aggressive cyber and non-cyber malign activities, the Iranian regime may become an even more aggressive player in both the digital and the physical world.
About the authors
- Hammaad Salik is an entrepreneur and the founder of Strategic Warfare Group. His expertise is in cyber warfare operations and kinetic warfare. His interest lies in ensuring that factual, well-researched information reaches the public and that cyberspace is safe for all. He can be reached at [email protected]
- Zaheema Iqbal is a senior cyber security policy researcher at the National Institute of Maritime Affairs, Bahria University Islamabad. Her research interests include cyber defense planning, cyber terrorism and cyber threats to critical infrastructure. She can be reached at zaheemaeckb[email protected]