Iran may launch cyberattacks in retaliation for new U.S. sanctions

Published 8 November 2018

As new U.S. sanctions on Iran’s economy take effect, a desperate Tehran is likely to retaliate with more aggressive cyber attacks on its regional neighbors and expand its global cyber infiltration operations, according to a new study from the Foundation for Defense of Democracies’ Center on Sanctions and Illicit Finance issued today.

FDD says that in Evolving Menace: Iran’s Use of Cyber-Enabled Economic Warfare, authors Frank Cilluffo and Annie Fixler write that Iran responded to previous U.S. sanctions against the Islamic Republic with cyber operations against the U.S. financial sector. And while Tehran eased its overt cyber operations against U.S. targets during Iran deal negotiations, the regime continued its attacks on U.S. allies and its cyber infiltration operations, positioning Iran to potentially launch disruptive and destructive campaigns at the time of its choosing.

The report comes as the United States imposed sanctions against Iranian oil imports, the regime’s most important source of hard currency, on 5 November.

“No nation has felt the full power of U.S. economic coercion quite like Iran, and therefore no regime is better positioned to understand how attacks on economic assets can undermine a nation’s military capabilities,” said Samantha Ravich, senior advisor and Principal Investigator of FDD’s Cyber-Enabled Economic Warfare (CEEW) project. “Iran cannot compete with the United States on the traditional military or economic battlefields. But by using cyber campaigns, the regime has already demonstrated the capacity and will to cause massive economic damage to U.S. allies.”

Cilluffo, director of the McCrary Institute for Cyber & Critical Infrastructure Security at Auburn University and member of the Homeland Security Advisory Council, and Fixler, policy analyst at FDD’s Center on Sanctions and Illicit Finance, write that Iran experienced the power of cyber weapons from the Stuxnet attack on its nuclear infrastructure. As a result, Tehran invested in its own capabilities and leveraged a dispersed hacker community into a full-spectrum regime tool.

The authors write that the Islamic Revolutionary Guard Corps (IRGC) oversees the majority of Iran’s cyber operations. But rather than establishing an elite hacking unit within the security services, the regime delegates its cyber operations to a series of independent and semi-independent hackers. These cyber actors simultaneously engage in regime-sponsored operations, criminal operations, and legitimate software development.

Recent Iranian cyber operations include the APT Leafminer cyber infiltration against Middle East governments and businesses; global intrusions of universities and U.S. and foreign private companies; the Shamoon 2 malware attack against Saudi government agencies and companies; and the APT33 cyber infiltration and trade secret theft against a U.S. aerospace company, Saudi aviation conglomerates, and a South Korean petrochemical company.

The report contains 10 recommendations to better understand the Iranian cyber threat landscape, strengthen U.S. and allied defenses, and impose costs on Iran for its malicious cyber operations. Among the recommendations:

·  The U.S. and its allies should participate in cyber wargames to build and test interoperability;

·  The U.S. government should provide operational, usable, and actionable information to cleared private sector entities so they can take protective measures; and

·  The U.S. military should be prepared to use cyber and kinetic capabilities to hold at risk the assets that the Islamic Republic most values.

FDD notes that this report is the fourth in a series of studies on the capabilities and strategies of U.S. adversaries to engage in CEEW against America and its allies. The previous reports examined the strategies of the Russian government, Chinese Communist Party, and North Korea’s government.