London, 19 Dec – Under extreme pressure from Washington, Iran continues to engage in cyber warfare rather than in direct military conflict with the United States and its allies. It retaliates with cyber weapons that pose a threat to companies and organizations in the Middle East and beyond.
However, the malware tool Stuxnet, linked to the United States and Israel, is more powerful than Shamoon, used by Iran. Because defense is more difficult than offense, the United States is vulnerable to cyberattacks, but if its power were unleashed on Iran, it would be devastating.
The Iranians have been surveilling critical infrastructure in the United States and the West for many years. Meanwhile, the Americans and their allies have conducted similar reconnaissance of Iran’s infrastructure.
U.S. Director of National Intelligence, Dan Coats, when speaking at the Aspen Security Forum in July 2018, noted that Iran was making preparations to target electrical grids, water plants, health care, and technology companies in the United States, Europe and the Middle East.
Cyberwar plans must be updated as changes in operating systems and security measures occur. The Hezbollah militant group scrutinizes targets, looking for vulnerabilities and possible pathways for attack, and keeps this information for later cyber attacks.
Iranian attacks against government targets and private companies and organizations seem likely to increase. Last week, the Italian oil services company Saipem announced that it had been hit by a cyberattack that indicated an Iranian connection because it used a variant of the Shamoon malware.
In addition, Certfa, the London-based cybersecurity firm that specializes in tracking Iranian activity in cyberspace, published a report documenting the efforts of an Iranian advanced persistent threat (APT) group, “Charming Kitten”. The group attempted to launch a phishing attack against the U.S. financial infrastructure. U.S. sanctions and the recent expulsion of Iran from SWIFT, the Brussels-based organization that facilitates global financial transactions, have APT groups targeting U.S. financial institutions.
Iran has a history of operations where it dispatches members of its Islamic Revolutionary Guard Corps, Ministry of Intelligence and Security, or Hezbollah to conduct surveillance of U.S. targets in hopes of being “caught out”. By being “caught”, Iran lets the United States know that Tehran can make retaliatory strikes on vulnerable targets if Washington attacks Iran. Iran frequently uses militant proxies such as Hezbollah to do its dirty work and to provide a degree of plausible deniability.
So, although outright cyberwar with Iran is unlikely, Tehran can be expected to escalate its current lower-level operations. Over this past year, Iran has improved its cyber warfare capabilities and will continue to do so in 2019, in response to greater U.S. sanctions.