As the United States completes its withdrawal from the Iran nuclear agreement, security analysts warn of more frequent and dangerous cyberattacks from Iran.
“We are very likely to see Tehran in the coming days and weeks target American interests,” said Brett Bruen, the president of the Global Situation Room, Inc. and the former White House director of Global Engagement. “The most vulnerable and important objective for them are American businesses. They see effecting some economic impact as retribution.”
In May, the Trump administration announced it would exit the nuclear agreement. On November 4, it fully restored the sanctions that the U.S. had once lifted as part of that deal.
“The desperate regime may become a more aggressive actor both in the virtual and physical world … its hackers can still do serious damage,” said a recent report from the Foundation for Defense of Democracies (FDD). “Even before the U.S. withdrew from the nuclear deal, Iranian hackers appear to have gotten bolder.”
In September, the Associated Press reported a hacking group aligned with the Iranian government launched a major campaign targeting Mideast energy companies, according to FireEye, a security firm.
Analysts also said Iran’s capabilities are evolving and focusing more on using social media to spread false information and skew public opinion.
“Some of those efforts were identified and taken down by social media companies. Many have not been detected or removed,” said Bruen. “The most damaging, as we saw with Russia, is when a country can penetrate networks and then weaponize that information.”
Iranian hackers are suspected of targeting banking websites in 2012, forcing services offline. The Financial Services Information Sharing and Analysis Center is an initiative that coordinates the industry’s defense against threats.
“I think we’ve seen this before so of course we know they are capable … they’ve launched attacks before so we’re just making sure we’re prepared, whether it be them or anybody else,” the center’s president and CEO, Bill Nelson, said of the threat from Iran. “The source of the attack almost becomes irrelevant. It’s more important to defend.”
The FDD report said that while Iran does not have the cyber capabilities of China, Russia or North Korea, Tehran is willing to take greater risks and “cause greater destruction.”
“We are aware of reports claiming that Iran is increasing its cyber hacking activities,” said a State Department official. “The United States is deeply concerned with the Iranian regime’s malicious cyber activity. We express particular concern for cyber activities targeting critical infrastructure that have the potential for disruptive or destructive consequences.”
This summer, the Trump administration overhauled an Obama-era policy, relaxing restrictions on how and when the U.S. can deploy cyber weapons. It is unclear what rules will replace them.
The U.S. has also sanctioned and criminally charged Iranian hackers for targeting American universities and companies.
Iran’s government has denied it engages in these types of attacks, calling its capabilities defensive.
“The Iranian regime prevents its own people from using the Internet in an attempt to bar them from obtaining information or connecting with the outside world,” the State Department official said, “and yet the Iranian leadership uses it freely for their own nefarious purposes.”