How Iran’s Military Outsources Its Cyberthreat Forces

By Dorothy Denning

Published 22 January 2020

Two years ago, I wrote that Iran’s cyberwarfare capabilities lagged behind those of both Russia and China, but that it had become a major threat which will only get worse. It had already conducted several highly damaging cyberattacks. Since then, Iran has continued to develop and deploy its cyberattacking capabilities. It carries out attacks through a network of intermediaries, allowing the regime to strike its foes while denying direct involvement.

In the wake of the U.S. killing of a top Iranian general and Iran’s retaliatory missile strike, should the U.S. be concerned about the cyberthreat from Iran? Already, pro-Iranian hackers have defaced several U.S. websites to protest the killing of General Qassem Soleimani. One group wrote “This is only a small part of Iran’s cyber capability” on one of the hacked sites.

Islamic Revolutionary Guard Corps-Supported Hackers
Iran’s cyberwarfare capability lies primarily within Iran’s Islamic Revolutionary Guard Corps, a branch of the country’s military. However, rather than employing its own cyberforce against foreign targets, the Islamic Revolutionary Guard Corps appears to mainly outsource these cyberattacks.

According to cyberthreat intelligence firm Recorded Future, the Islamic Revolutionary Guard Corps uses trusted intermediaries to manage contracts with independent groups. These intermediaries are loyal to the regime but separate from it. They translate the Iranian military’s priorities into discrete tasks, which are then bid out to independent contractors.

Recorded Future estimates that as many as 50 organizations compete for these contracts. Several contractors may be involved in a single operation.

Iranian contractors communicate online to hire workers and exchange information. Ashiyane, the primary online security forum in Iran, was created by hackers in the mid-2000s in order to disseminate hacking tools and tutorials within the hacking community. The Ashiyane Digital Security Team was known for hacking websites and replacing their home pages with pro-Iranian content. By May 2011, Zone-H, an archive of defaced websites, had recorded 23,532 defacements by that group alone. Its leader, Behrouz Kamalian, said his group cooperated with the Iranian military, but operated independently and spontaneously.

Iran had an active community of hackers at least by 2004, when a group calling itself Iran Hackers Sabotage launched a succession of web attacks “with the aim of showing the world that Iranian hackers have something to say in the worldwide security.” It is likely that many of Iran’s cyber contractors come from this community.