Amid an intensifying standoff between Washington and Tehran, hackers linked to Iran have in recent weeks stepped up their operations in cyberspace in what appear to be preparations for possible attacks on U.S. businesses, according to American security firms and government officials.
The increased Iranian activity in cyberspace comes as Tehran announced on Monday that its stockpiles of low-enriched uranium have exceeded limits established in the 2015 nuclear agreement inked by Iran and world powers. The announcement sets the stage for renewed confrontation between Iran and the United States, which may well play out online as Washington and Tehran attempt to inflict pain on one another.
For observers of cyberconflict, Iran’s preparations for an attack represent the possible beginning of a new phase in cyberwarfare, in which countries trade tit-for-tat attacks in cyberspace.
Late last month, President Donald Trump canceled a planned strike on Iran intended to retaliate for the shootdown of a U.S. drone near Iranian airspace. With the American attack projected to kill 150 Iranians—which the president said would not be “proportionate”—Trump found a ready, less bloody option by striking back at Iran through cyberspace. Those attacks reportedly targeted Iran’s intelligence units behind the tanker attacks and knocked command and control systems for the country’s missile systems offline.
Projecting power through cyberspace is now a method of statecraft, but it usually involves one country striking another rather than a skirmish. “We’ve never really seen a back-and-forth between two countries,” said Sergio Caltagirone, the vice president of threat intelligence at the cybersecurity firm Dragos and a veteran of the U.S. National Security Agency (NSA).
Should Iran strike back against the United States, “we are seeing the dawn of cyberwar,” Caltagirone said.
Iran has retaliated against the United States in cyberspace before, striking the oil giant Saudi Aramco in 2012 in an apparent retaliation for an American cyberoperation aimed at damaging Iran’s nuclear infrastructure. But recent Iranian preparations raise the prospect of more immediate, fast-paced exchanges, and U.S. cybersecurity firms have in recent weeks observed the escalating Iranian activity with alarm.
Beginning the week of June 11, around the time of the first of a pair of attacks on ships in the Gulf of Oman that U.S. officials have blamed on Iran, Iran-linked hackers began targeting energy and financial companies in an attempt to establish access on their networks.
The attacks relied on spearphishing, the use of a targeted email to get a user to click on a link to download malware or give up his or her credentials, and password spraying, a type of brute-force attack in which a hacker tries a number of different passwords to gain access to an account.
“It was wide and loud and against the U.S., which we hadn’t seen them do in 2019,” said Ben Read, the senior manager for cyber-espionage analysis at the security firm FireEye.
The Iranian attempts to gain access to the computer systems of key American firms have also caught the attention of the U.S. government, which is warning U.S. businesses to be on guard.
Source » foreignpolicy