Beware Iran’s Cyber Threat


Iran Focus

London, 07 Mar – It may be easy for some to underestimate Iran’s cyber threat to the US, given that most analyses describe Iran’s offensive cyber capabilities as fractured, decentralized, and inferior to other states, but make no mistake, what Iran lacks in technique it makes up for in persistence.

A recent report by the Carnegie Endowment for International Peace, entitled Iran’s Cyber Threat: Espionage, Sabotage, and Revenge, assesses that the majority of Iran’s espionage and sabotage campaigns have been against “soft” foreign targets, but that Iran will “strategically engage in disruptive and destructive attacks”.

Iran’s cyber threat programme is one way for Iran to attack its enemies without the military strength that the US or Saudi Arabia have.

Researcher Collin Anderson assesses in a report that these Iranian hacking groups, which are acting under the command of the Ministry of Intelligence and the Islamic Revolutionary Guard Corps, target Iranian dissenters as well as the government and commercial institutions of foreign countries (especially Israel, Saudi Arabia, and the US).

These hacking groups often have overlapping tactics and share resources, including malware, infrastructure, and attack methods. The most significant hacking groups include:

APT33: Discovered in 2017 by cyber security firm FireEye, this group has been launching hacking and spear phishing attacks against aerospace and petrochemical companies in the US, Saudi Arabia and South Korea.

APT34 (aka OilRig or Helix Kitten): Mainly conducts spying and reconnaissance missions against many industries in the Middle East.

APT35 (aka Newscaster, NewsBeef or Charming Kitten): Creates fake journalist accounts to trick people into visiting phoney websites that secretly download malware to track visitors and harvest their information.

What is the US doing?

The US used cyber warfare to attack Iran back in 2007, targeting their nuclear facilities.

The US has also handed down in-absentia federal indictments of seven men connected to the Iranian government and the IRGC for the DDoS attacks on the US financial sector, including Hamid Firoozi, who was also charged with hacking into the control system of a New York dam.

Cyber attacks against the US have gone down in recent years, but many, including Martin Libicki, a senior management scientist at the global think tank organization RAND Corporation, believe this is because Iran is attacking regional foes instead.

Indeed, Iran, which is heavily involved in both the Syrian and Yemeni civil wars, has been attacking Saudi Arabia and the Gulf Cooperation Council who are on the opposite side of the wars.

It is noteworthy that, parallel to its malign cyber activities outside Iran, a new report by the Iranian opposition coalition, the National Council of Resistance of Iran (NCRI), sheds light on Iran’s desperate campaign to adapt its surveillance and censorship equipment in order to survive now that the internet is so commonplace.

The report, entitled “Iran: Cyber Repression: How the IRGC Uses Cyberwarfare to Preserve the Theocracy”, exposes how Iran covertly and overtly spies on its citizens and spreads propaganda across social media.

The NCRI also provided a list of Regime-created variations of the Telegram app, promoted as Farsi versions, which Iran wanted to trick the public into downloading in order to spy on their internet activity, identify and arrest activists, and introduce malware that would prevent the user from accessing opposition channels.

The most downloaded of Iran’s apps is Mobogram, developed by Hanista, a front company for the Iranian Revolutionary Guards (IRGC).

Iran even slowed down or blocked traffic to the official Telegram app to force people into downloading their versions.

Iran is specifically targeting Telegram because it has over 40 million users in Iran and was widely used by protesters in the uprising at the start of 2018.

Iran even got its malware-filled apps onto Google Play and Apple’s App Store, which violates the terms of service for both stores. Google has since identified one and removed it, but there are more on there.

Alireza Jafarzadeh, the deputy director of the NCRI’s Washington office, said: “The Iranian regime is currently hard at work to test the success of these apps on the people of Iran first. If not confronted, its next victims will be the people of other nations.”

Jafarzadeh added that the unit responsible for this surveillance is the same one tasked with cyber warfare against the West.
