Cyber Iran – The 2019 conflict

This is the fifth part of a series of podcasts that focuses on the different aspects of Iran’s cyber abilities. All the information discussed in this podcast is based on free public information available to anyone on the internet.

To understand Iran, it is necessary to understand its history and culture. Iran is home to one of the world’s oldest civilizations and has long been known for its smart people and rich culture.

In 1979, the Islamic Revolution took place in Iran when a group of rebels took over the government, and from being a free country, Iran became a country ruled by extremist Islamic religious people.

The regime’s extreme ideology views other countries as evil and actively supports efforts to try and destroy other countries. Iran operates through what are called proxies.

Proxies are groups of terrorists that are not officially affiliated with Iran and can perform military operations against other countries and citizens without being officially associated with Iran.

Examples of Iranian government proxy forces can be found in many places.

In Lebanon, the Hezbollah terrorist organization holds hundreds of thousands of rockets aimed at civilian populations and is awaiting instructions from its sponsors in Iran, as it is under the complete control of the regime.

In the Gaza Strip, a terrorist organization called the Islamic Jihad, also sponsored by Iran, shot over 10,000 rockets at Israeli cities during the last year alone.

In Syria, Iran is sponsoring many terrorist groups that are loyal to it; some of them are completely integrated into the Syrian army.

Another proxy force Iran is sponsoring and using is located in Yemen, on the edge of the Red Sea. This proxy force regularly targets citizens in different Saudi Arabian cities and tries to attack critical infrastructure almost daily.

At the beginning of May 2019, the USA decided to increase its financial sanctions against Iran’s leadership in order to force them to negotiate a better agreement related to nuclear and ballistic missile development.

Iran responded with threats, saying that if they cannot export oil, no country will export oil from the Persian Gulf.

Iran publishes an official threat and warns the USA.

According to multiple sources on the internet, the USA received highly targeted intelligence from one of its allies that showed Iranian ballistic missiles aimed and ready to shoot at different US bases in friendly states.

Those ballistic missiles were placed in Iraq by one of the local proxies Iran is sponsoring.

The difference this time was that the intelligence included pictures of the missiles and their launchers from a very close distance, and there was no way to hide the location they were taken in. In response and as a proactive measure, the USA decided to send an aircraft carrier close to the Persian Gulf in case Iran decided to act on its threats.

The threats were so focused that the Secretary of State cancelled a meeting with Germany’s prime minister and flew to Iraq urgently to meet with its leadership.

According to some sources, Iran was given an ultimatum to remove the missiles immediately, and within hours after the visit, the Iranian proxies moved all the missiles to a different location, hoping that this time they would be able to do it without being discovered.

Iran’s response came quickly after that. The first attack was against oil tankers. According to the USA, Iran placed and exploded magnetic sea mines on 4 different ships; this is usually done by specially trained soldiers.

The second attack was made a day later by the Iranian proxy in Yemen. They managed to send drones over what looked like a distance of more than 1000 kilometers to drop bombs on oil pumps with extreme precision, forcing Saudi Arabia to stop pumping oil from the pumps; it resulted in an estimated loss of nearly 10 million US dollars.

Some claim that the response to these attacks arrived later that day, when big fires started in an Iranian oil refinery located in Tabriz. According to the sources, the early warning system of the facility was triggered remotely by someone performing a cyber attack, causing the oil being pumped from the wells to change its direction and be burned in a flame instead of being collected. The attackers hoped the fire of the flame would be so big it would cause physical damage to the facility. However, the results of the incident were not officially published; some claim nothing happened while others say there was significant damage.

If that incident was a cyber attack, that might be the first time a terrorist attack was answered by a cyber-attack from a state.

Earlier in May, Iran instructed its proxy located in the Gaza Strip to start shooting missiles at civilian populations in Israel.

Shooting rockets at Israel from houses

One of the attacks that was performed was a cyber-attack aimed at Israel’s critical infrastructure, trying to cause damage at the national level (for example, causing power reactors to explode, or disrupting traffic).

A few hours after the cyber incident was identified and blocked by Israel, military planes attacked the physical building the cyber-attack was initiated from, which was known to be part of the Hamas terrorist organization, which is also partly supported by Iran.

It was the first time that a cyber-attack was answered in real time with a physical attack to stop or delay the attackers.

Footage of the attack on the Hamas Cyber Unit Offices

During mid-May, the Iranian government repeatedly declared that a full-scale intelligence war is already happening between the USA and Iran and that Iran is winning since the USA is afraid to respond. While the US is still trying to convince Iran to go back to the discussion table instead of using armies, it looks like the Iranians are answering with daily attacks worldwide.

There are many indications that the Iranian cyber units (and others) are currently working full time to reach critical targets that will allow them to perform a surprise cyber attack and declare victory without having to face the USA on the real-world battlefield, where the USA has a clear advantage.

Twitter account of an engineer in the cyber offensive unit at the Iranian Intelligence APT34.

An interesting development came on the 16th of May, when the communications minister published a press release stating that they successfully tested a new type of firewall that is able to prevent cyber-attacks aimed at industrial systems like the cyber-attacks they experienced before. This might be an indication that, quietly and without publicity, Iran thinks that the USA has already started to perform cyber-attacks against them.

It also might be that everything happening is just what can be seen above the surface, and somewhere, the US and Iran are already in the middle of negotiations for a better future.

Whether there will be a peaceful solution or war for this conflict, cyber is already playing increasingly important roles and is going to play an even more important role in the coming weeks.

That’s it for this podcast, stay safe, and see you in the next podcast.

Don’t forget to visit www.cybercure.ai for the latest podcasts on cyber intelligence.
