US sanctions on Iranian hackers highlight growing concern over Islamic Republic’s cyber warriors

April 30, 2024


A feature of the increasing tensions between the United States, Israel and Iran has been not only tit-for-tat missile and drone attacks and assassinations, but also accusations of cyber warfare waged by Iran.

On April 23, the US Treasury announced that it had imposed sanctions on two Iranian companies and four Iranian individuals for launching malicious cyber attacks against more than a dozen US companies and government entities. Treasury alleged that these organizations and individuals carried out spear phishing, malware, and ransomware attacks, and that the attacks were intended to destabilize critical national infrastructure in the United States.

This follows an announcement in February that it would impose sanctions on a group of Iranian hackers with ties to the country’s military over what it described as “unreasonable and dangerous” attacks on water and wastewater systems in the United States.

It can often be difficult to identify the people behind these attacks. However, the US claims the attacks were carried out by “front companies” and hackers operating for Iran’s Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRG-CEC).

The sanctioned parent company, Mehrsam Andisheh Saz Nik (MASN), is said to regularly launch attacks of the kind known in the cyber world as advanced persistent threats (APTs).

APTs are long-term attacks against high-value targets such as large corporations and government agencies.

In 2019, MASN was associated with a group called Tortoiseshell by cybersecurity giant Symantec (now Gen Digital Inc). Tortoiseshell has been active in the Middle East since at least July 2018, Symantec said. It was said to be linked to cyber attacks against Saudi Arabian IT providers and Israeli transportation, logistics and financial services companies.

Much less is known about the actions of the second sanctioned company, Dadeh Afzar Arman. According to information available on the internet, however, it is claimed to be a software and web development company based in Tehran.

In addition to sanctions, the US government is promising a reward of US$10 million (£8 million), and anyone with more information about the hackers in question will be given an “air ticket to somewhere new”.

The latest announcement follows a broader pattern of naming and shaming cybercriminal groups that the United States has identified and linked to rogue activity.

In this case, by publicly naming these groups, the United States says it wants to inform the Iranian public that the IRG-CEC is using these companies to conduct illegal cyberattacks against international targets. But US government efforts to deter state-sponsored hackers working for governments including Iran, China and Russia have yet to bear fruit.

To date, no such suspect has been arrested and brought to trial in the United States.

Fight in everything but name

Washington and Tehran have been at loggerheads since the 1979 revolution. In November 1979, the United States imposed sanctions on the Islamic Republic after militant students invaded the U.S. embassy in Iran’s capital, triggering a 400-day hostage crisis.

The sanctions have endured at various levels of intensity ever since. This was despite the Obama administration’s efforts to move toward normalization with the signing of a deal in 2015 in which Iran agreed to limit its nuclear program in exchange for sanctions relief.

Donald Trump withdrew the United States from the agreement in 2018.

The first major act of cyber warfare between the two countries was actually the Stuxnet “worm,” a joint venture between the United States and Israel. Stuxnet sent a wrecking ball into Iran’s nuclear facilities in 2010. The virus manipulated the control systems and caused the centrifuges to overheat. This caused serious damage and set Iran’s nuclear program back years.

This incident marked the beginning of repeated conflicts between the two countries. In 2016, the US Department of Justice indicted seven Iranian computer experts. It accused the group of infiltrating dozens of American banks as well as trying to gain control of a small dam in suburban New York.

This was the first time the United States publicly accused Iran’s Revolutionary Guard Corps (IRGC) of involvement in cyberattacks. However, Iran is thought to have been targeting US financial systems since 2011 in what the FBI calls a “systematic campaign of distributed denial of service (DDoS) attacks.”

Following the US assassination of top Iranian general Qasem Soleimani in 2020, the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued official guidance warning US companies to prepare for a possible wave of cyber attacks from Iran.

At that time, threats were made. “Tehran is a capable and prolific actor in cyber warfare, but it has no proven ability to inflict large-scale physical damage through cyber operations,” wrote one expert in the New York Times.

Growing threat

However, in recent years, Iran appears to have further developed its cyber capabilities. In 2023, the Office of the Director of National Intelligence’s annual threat assessment declared: “Iran’s growing expertise and willingness to conduct offensive cyber operations make it a major threat to the security of U.S. and allied networks and data.”

Meanwhile, the National Cyber Power Index ranked Iran tenth out of 30 countries it surveyed in 2022 (it was ranked 23rd in 2020). Additionally, a recently published peer-reviewed article offering a new global measure of cybercrime ranks Iran 11th in terms of influence, professionalism and technical skills of cybercriminals operating in the country.

Within the increasingly shadowy confines of a world where cybercriminals and governments overlap, Iran’s growing sophistication in this area cannot be ignored.

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Iain Reid receives funding from the University of Portsmouth. He is affiliated with the British Psychological Association.

Vasileios Karagiannopoulos does not work for, consult, own shares in, or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond his academic duties.
