As the US and Israel continue to strike Iran, its cybercriminals have launched attacks on European systems, and officials are worried that this is just the beginning, writes Politico.
Polish authorities said on the 12th of March that they are investigating possible involvement of Tehran in a thwarted cyberattack on a nuclear research center. On the 11th of March, a powerful Iranian-backed hacking group said it had attacked the American medical equipment manufacturer Stryker, wiping out servers and stealing data. Albanian authorities said on the 10th of March that a group affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC) had managed to access the email accounts of members of parliament.
The series of incidents suggests that one of the West’s greatest cyber enemies has launched a large-scale digital response to the US and Israeli strikes.
Joe Rooke, director of cyber intelligence firm Recorded Future, said Iran is a country with great determination and a fairly broad range of capabilities. If it sees someone as its adversary, Iran can become very aggressive.
The cyberattacks that have occurred fit the scenarios that officials and experts have been warning about since the end of February. However, at first, Iranian hacking activity was clumsy, and cyberattacks were mainly directed against the Middle East and Persian Gulf countries. Experts have indicated that there were three main reasons for the initial slowness. First, when the attacks began, the regime shut down the country’s internet to suppress dissidents, which also complicated the conduct of cyberattacks. Second, Tehran is diverting resources to physical activity, such as missile launches. Third, Iran’s ability to conduct cyberattacks was reduced by attacks on digital systems by Israel and the United States that preceded the strikes. A senior intelligence official, speaking on condition of anonymity, told Politico that Iran would do anything to sow chaos, and that it must be prepared.
Both government and independent Iranian hackers are known to attack Western governments and companies to steal data, spy on them and orchestrate sabotage. Along with Russia, China and North Korea, Iran is considered a serious threat in the digital space.
Cyber analysts have identified nearly a dozen threat groups that operate under Tehran’s direct control. The operations are run by the IRGC and Iran’s Ministry of Security and Intelligence, and their cyber units employ hundreds of people and are funded with millions of dollars.
Tehran also has links to hacker groups in other countries.
Researchers say that it is difficult for Western countries to defend against Iranian cyber threats because they are dispersed. Joachim Wagner, a spokesman for Germany’s BSI cyber agency, said the agency believes that Iranian hacking groups are spread across regions, and that a strike on the command center would not eliminate all threats.
Experts say Tehran’s hackers are not as technically powerful as Russian, Chinese or North Korean cybercriminals, but they are determined, aggressive and well-resourced, and are particularly good at social engineering.
Rooke added that Iranian cybercriminals have average capabilities, but are very determined.
