This podcast is the first of a series of podcasts that will focus on specific countries and their publicly affiliated state-sponsored attacks.
The first episode will focus on Iran and will provide a general, brief background of its cyber history. The next episodes will focus on specific incidents or time frames.
Public evidence of cyber conflicts between Iran and the Western counties started surfacing during the first decade. The most famous incident of Iran being hit by a series of cyber attacks was in 2010, when different viruses known as Stuxnet and Flame, took control of the centrifuges in the Iranian nuclear plants and caused them to malfunction.
Over the time, the USA blamed Iran and its government for many offensive cyber campaigns made against the USA, aimed at gaining knowledge and profit.
In 2019, the security firm, FireEye, published a report stating that the Iranians were behind a wave of cyberattacks against infrastructure. It seems that the Iranians are actively mapping the US cyber space to find vulnerable systems that can cause physical damage using cyberattacks.
That is in addition to senior positions in the trump administration who also keep stating the continuous threat that Iran poses to the USA, and its many cyber offensive campaigns.
In 2016, Barack Obama was the first president of the USA to publicly accuse Iran government for of trying to attack the USA by gaining physical control over a dam in upstate New York in a 2013 cyberattack.
if you loo for more details, you will find that Iran indeed tried to gain control, and they had to have some expertise to do that, They managed to take control of the command and control system of the dam remotely using a cellular modem connection they found vulnerable. however, and this is not a joke, before they executed the attack, they forgot to check whether the dam was actually online.
They executed the attack while the system was down for maintenance and nothing happened, as the system was disconnected, and the only thing that did happened was that the US government identified the cyber incident and had proof for the first time of Iranian state sponsored cyberattack aimed at critical infrastructure, and they made it known to the public.
It seems like the US never forgot this cyber incident and over the time, the US became more public about its cyber efforts against to Iran’s attacks.
The USA is not the only country to admit that Iran performed state-sponsored offensive cyber campaigns against it; Israel also admitted that it is constantly targeted by Iran, and some of their campaigns were, at least, partly successful.
Iranian hackers have come very close to infiltrating Israel’s missile warning system in recent years, the Israeli military’s cyber defense head mentioned this to Bloomberg recently.
Brigadier General Noam Shaar, former chief of army’s Cyber Defense Directorate told that his department first detected Iranian activity and began monitoring it to understand their intentions. Once it became clear that they intended to target Israel’s warning system for incoming attacks, they were immediately blocked.
He then said “We dealt with them and built another barrier and another monitoring system to make sure we could stop them if they tried again”.
Iran is also known to be targeting many other countries, however, it seems that the cyber campaigns in other countries are less targeted and aimed for profit. As we covered in previous podcasts, counties that are under sanctions find it easy to make money from running ransomware campaigns.
As time passed by, more and more cyber incidents between nations were and still are being made public.
Things continued to escalate with Iran when during 2018, the United States charged and sanctioned nine Iranians and an Iranian company for attempting to hack into hundreds of universities worldwide, dozens of firms, and parts of the U.S. government, including its main energy regulator, on behalf of Tehran’s government.
the U.S. Department of Justice described the campaign as one of the largest state-sponsored hacks ever prosecuted, stating that the cyberattacks began as early as 2013, with some of them successful.
In the next episode of this series, we will continue to cover Iran’s cyber aspects.
And don’t forget to visit www.cybercure.ai for the latest podcasts on cyber intelligence.