U.S. Sanctions on Iranian Hackers Highlight Growing Concern About the Islamic Republic’s Cyberwarriors

War in All but Name
Washington and Tehran have been at loggerheads since the 1979 revolution. The US imposed sanctions against the Islamic Republic when militant students overran the US embassy in the Iranian capital in November 1979, sparking the 400-day hostage crisis.

The sanctions have endured since, with various levels of intensity, despite efforts by the Obama administration to move towards normalization with the signing in 2015 of an agreement under which Iran agreed to limit its nuclear program in return for an easing of sanctions.

Donald Trump pulled the US out of the agreement in 2018.

The first major act of cyberwar between the two countries was, in fact, the Stuxnet “worm”, a joint venture between the US and Israel. Stuxnet drove a wrecking ball through Iran’s nuclear facilities in 2010. The virus manipulated control systems and caused centrifuges to overheat. This caused serious damage and set Iran’s nuclear program back by years.

This incident marked the beginning of an on-again, off-again conflict between the two countries. In 2016, the US Justice Department indicted seven Iranian computer specialists. It accused the group of hacking into dozens of American banks as well as trying to take over the controls of a small dam in a suburb of New York.

This was the first time the US had publicly accused the Iranian Revolutionary Guard Corps (IRGC) of involvement in cyber-attacks. But it is thought Iran had been targeting US financial systems with what the FBI called a “systematic campaign of distributed denial of service (DDoS) attacks” since 2011.

After the US assassinated top Iranian general Qasem Soleimani in 2020, the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency published official guidance warning US companies to prepare for a possible wave of cyber-attacks from Iran.

At the time the threat was talked down. One expert wrote in the New York Times that: “Tehran is a capable and prolific actor in the realm of cyberwarfare, but it has no proven ability to create large-scale physical damage through cyberoperations.”

Growing Threat
However, in recent years Iran seems to have further developed its cyber capabilities. In 2023, the Office of the Director of National Intelligence’s annual threat assessment declared that: “Iran’s growing expertise and willingness to conduct aggressive cyber operations make it a major threat to the security of US and allied networks and data.”

Meanwhile, the National Cyber Power Index ranked Iran as tenth among the 30 countries it investigated in 2022 (up from 23rd in 2020). Additionally, in a peer-reviewed article published recently that offers a new global metric for cybercriminality, Iran is ranked 11th in relation to the impact, professionalism and technical skills of cybercriminals operating in the country.

In the increasingly murky margins of a world where cybercriminals and governments can overlap, Iran’s increasing sophistication in this field cannot be ignored.

Vasileios Karagiannopoulos is Associate Professor in Cybercrime and Cybersecurity and Co-Director of the Centre for Cybercrime and Economic Crime, University of Portsmouth. Course Leader, MSc Cybercrime, University of Portsmouth. This article is published courtesy of The Conversation.