By Majid Rafizadeh
February 25, 2019
While the Iranian regime’s military adventurism and increasing efforts to ship advanced weaponry to militia and terror groups across the region have grabbed international headlines, Tehran’s decision to renew its cyberattacks against foreign entities is receiving less attention.
According to an in-depth report published by the New York Times last week, Iran’s cyberattacks against the US have increased significantly, becoming more sophisticated and intense. The article states: “Recent Iranian attacks on American banks, businesses and government agencies have been more extensive than previously reported. Dozens of corporations and multiple United States agencies have been hit, according to seven people briefed on the episodes.”
One of the major reasons for Iran’s intense cyberattacks on American banks, businesses and government agencies is most likely the US’ withdrawal from the Joint Comprehensive Plan of Action, commonly known as the Iran nuclear deal. When the US pulled out of the nuclear deal, the US Department of Justice leveled robust sanctions against governmental organizations in Iran, as well as the banking, energy and financial sectors.
In addition, the Donald Trump administration has been attempting to squeeze Iran’s oil exports through diplomatic pressure. This initiative, as well as the renewed sanctions, has enraged the Iranian leaders since the country’s oil exports and revenues have been substantially reduced.
Data reveals that Iran’s oil exports gradually decreased in 2018, reaching 1.1 million barrels per day in December, only 60 percent of what the country sold a year before. Iranian President Hassan Rouhani had warned Washington that: “If Trump implements his threat to squeeze Iran’s oil exports, Tehran is prepared to escalate against the US… This is a core issue of national security behind which there is growing backing from the political establishment.”
In addition to the New York Times report, online security firm FireEye also recently warned the US of Iran’s intense cyberattacks. FireEye utilized several methods, such as locating Internet protocol (IP) addresses, to track where cyberespionage activities originated. Its investigation into cyberattacks repeatedly pointed toward Iran. The FireEye report clearly specified: “Preliminary technical evidence allows us to assess with moderate confidence that this activity is conducted by persons based in Iran and that the activity aligns with Iranian government interests. FireEye Intelligence identified access from Iranian IPs to machines used to intercept, record and forward network traffic. While geolocation of an IP address is a weak indicator, these IP addresses were previously observed during the response to an intrusion attributed to Iranian cyberespionage actors.”
The Iranian hackers target many sectors in the US, including government agencies, businesses, and private and public institutions. One such incident, which took place in March last year, included a series of cyberattacks that crippled the city of Atlanta by targeting its hospitals, schools, state agencies and other institutions. US banking systems have also been attacked at an unprecedented level and the websites of institutions such as Bank of America, JPMorgan Chase, Wells Fargo and Citigroup have been impacted.
According to US officials, the level of sophistication involved pointed to the Iranian government. In 2016, the Justice Department also indicted seven Iranian citizens for distributed denial of service attacks against 46 companies, mainly in the financial sector.
Indeed, Iran’s cyberwarfare program, which was initiated nearly seven years ago, has become remarkably advanced. According to the World Economic Forum: “Iran is rapidly developing its cyber capabilities and is thought to be behind several major attacks.” Tehran’s cyberwarfare program is directed by the Supreme Council of Cyberspace and is believed to be an indispensable pillar of the Islamic Revolutionary Guard Corps (IRGC) and Iran’s foreign policies.
Through cyberattacks, and particularly through extortion, the Iranian hackers can make financial gains. But, more importantly, accomplishing the regime’s security and geopolitical objectives appears to be a priority.
From the perspective of the Iranian leaders, inflicting economic and security damage on the US government and non-governmental institutions through cyberwarfare is the most efficient method available. As Abdollah Araqi, the IRGC’s deputy commander of ground forces, stated, according to the Iranian Students’ News Agency: “We have armed ourselves with new tools because a cyber war is more dangerous than a physical war.” Furthermore, the Iranian leaders are cognizant of the fact that carrying out cyberattacks is a less costly and safer option than becoming engaged in direct military confrontations.
But it is important to point out that the US is not the only country that Iran’s hackers target. Saudi Arabia, Jordan, Turkey, the UAE and some European nations have been continuously targeted by Iran-backed hacking groups. Last month, Prime Minister Benjamin Netanyahu accused Iran of launching cyberattacks on Israel every day.
The resurgence of Iran’s cyberattacks is alarming. These attacks against foreign governments, businesses, hospitals and schools are more intense than was previously thought. The international community must take the issue seriously and hold the Iranian regime accountable.