Iran’s growing cyber threat
Incidents involving Iran have been among the most sophisticated, costly, and consequential attacks in the history of the internet, two Carnegie Endowment researchers write in a new report.
The four-decade-long U.S.-Iran cold war has increasingly moved into cyberspace, and Tehran has been among the leading targets of uniquely invasive and destructive cyber operations by the United States and its allies. At the same time, write the researchers, Collin Anderson and Karim Sadjadpour, Tehran has become increasingly adept at conducting cyber espionage and disruptive attacks against opponents at home and abroad, ranging from Iranian civil society organizations to governmental and commercial institutions in Israel, Saudi Arabia, and the United States.
Iran’s cyber threat environment
· Offensive cyber operations have become a core tool of Iranian statecraft, providing Tehran less risky opportunities to gather information and retaliate against perceived enemies at home and abroad.
· Just as Iran uses proxies to project its regional power, Tehran often masks its cyber operations using proxies to maintain plausible deniability. Yet there are clear indications that such operations are conducted by Iranians and frequently can be linked to the country’s security apparatus, namely the Ministry of Intelligence and Islamic Revolutionary Guard Corps.
· Iran’s cyber capabilities appear to be indigenously developed, arising from local universities and hacking communities. This ecosystem is unique, involving diverse state-aligned operators with differing capabilities and affiliations. Over the decade that Iranians have been engaged in cyber operations, threat actors seemingly arise from nowhere and operate in a dedicated manner until their campaigns dissipate, often due to their discovery by researchers.
· Though Iran is generally perceived as a third-tier cyber power—lacking the capabilities of China, Russia, and the United States—it has effectively exploited the lack of preparedness of targets inside and outside Iran. Just as Russia’s compromise of Democratic Party institutions during the 2016 U.S. presidential election demonstrated that information warfare can be conducted through basic tactics, Iran’s simple means have exacted sometimes enormous political and financial costs on unsuspecting adversaries.
· The same Iranian actors responsible for espionage against the private sector also conduct surveillance of human rights defenders. These attacks on Iranian civil society often foreshadow the tactics and tools that will be employed against other targets and better describe the risks posed by Iranian cyberwarfare.