U.S. Monitoring Cyberspace for Signs of Iranian Aggression

“What they’ve lacked in technical prowess they’ve often made up in really, really impressive, creative social engineering,” he said. “They’ve sort of developed a lot of interesting schemes.”

Ramping up Disinformation Campaigns
And once the U.S. airstrike took out Soleimani, the Iranian disinformation machinery went into action.

“As that news came out, we saw them ramp their program and start pushing that stuff out,” Hultquist said.

The disinformation from Iran’s proxy forces in the Middle East further increased Tuesday during Iran’s retaliatory missile strike on Iraqi bases hosting U.S. and coalition forces — “in terms of reports coming in about certain hits that happened and numbers of casualties from the Iranian response,” said Phillip Smyth, an analyst with the Washington Institute for Near East Policy who has been tracking social media activity by the Iranian-backed militias.

But Iran-linked cyber actors have also eyed more ambitious campaigns.

In October 2018, for example, Facebook and Instagram removed 82 accounts, pages and groups from their platforms.

The posts, Facebook said, focused on “politically charged topics such as race relations, opposition to the [U.S.] president and immigration.”

Analysts said while those Iranian disinformation efforts paled in comparison to the campaign run by Russia in the run-up to the 2016 U.S. presidential elections, the effort showed signs of increasing sophistication, which has continued to this day.

Some former U.S. officials and analysts also suspect Iran may be targeting news outlets.

The Kuwaiti government Wednesday said the Kuwait News Agency’s Twitter account was hacked after it posted false reports that the U.S. was withdrawing all troops based in the country.

Separately, hackers claiming to be working on behalf of Iran defaced the website of the U.S. Federal Depository Library Program.

Despite suspicions and concerns, though, officials have yet to definitively attribute either attack to Iran. And there is a risk that such attacks are actually the work of other cyber actors.

For example, former officials said there have been instances in the past where Russian cyber operatives hijacked Iranian infrastructure or malware to launch intrusions of their own.

Targeting Americans
Iran, though, has other tools it can use to strike the U.S. and the West. 

“Iranian cyber actors are targeting U.S. government officials, government organizations and companies to gain intelligence and position themselves for future cyber operations,” U.S. intelligence agencies warned in their most recent threat assessment.

The U.S.-based cybersecurity firms FireEye and Symantec have said their research shows Iranian-linked cyber actors have paid particular attention to telecommunications and travel companies, mining them for personal data that could prove useful in such cyber campaigns.

Not everyone, however, is convinced Iran is positioned to launch a major cyber offensive.

“A lot of the doom and gloom headlines that are out there right now, I think, are overblowing or overhyping the immediate cyberthreat coming from Iran,” Hoover Institution Fellow Jacquelyn Schneider said.

“The reality is that Iranians have been conducting these cyberattacks over the last year, if not longer,” she said, adding that while there may well be an uptick in attacks, “they’ve been trying this entire time.”

Still, a former U.S. National Security Agency threat manager cautions that even a small cyberattack can inadvertently do widespread damage.

“There’s always the potential that an attack or an intrusion, which is physically or strategically designed to only impact a certain geography or certain network, creeps to other parts of the network,” said Priscilla Moriuchi, now head of nation-state research at the cybersecurity firm Recorded Future.

Jeff Seldin is a VOA news reporter. This article is published courtesy of the Voice of America (VOA).