Is the US at risk from Iranian cyberattacks?

Iran is firing missiles and drones in retaliation for the massive airstrikes that the United States and Israel launched Saturday against the Islamic Republic. But many online are wondering whether Iran might extract another type of reprisal: cyberattacks against U.S. computer systems.

The military campaign, dubbed “Operation Epic Fury,” has cybersecurity firms monitoring for both state-sponsored and ideologically driven hackers.

While rumor and speculation are rife on social media, experts who spoke with Straight Arrow News agreed that the Iranian government — at least for the time being — is not preparing to conduct cyberattacks against the U.S.

Alexander Leslie, senior advisor at the cybersecurity firm Recorded Future, said his team has “not observed any direct evidence of reconnaissance, espionage, or destructive cyber operations attributable to Iranian state-linked actors.”

“The current posture appears largely defensive,” Leslie told SAN. “We are observing a drop in inbound and outbound network traffic to and from Iran, and widespread internet shutdowns are likely limiting both operational coordination and external visibility.”

Netblocks, an independent internet monitoring group, says the Iranian government has shut down virtually all online traffic inside the country since the airstrikes began Saturday. The government imposed a similar internet blackout in January when massive protests erupted over worsening economic conditions.

Hacktivists claim attacks

Adam Meyers, head of counter adversary operations at the cybersecurity firm CrowdStrike, told SAN that his firm had not witnessed any “large-scale state-sponsored cyber campaigns” as of Monday afternoon.

Meyers said the limited response from Iran, which typically relies on cyber proxy groups to amplify its campaigns, may be due in part to “disruptions to communications infrastructure, chain of command, and leadership visibility.”

“At this stage, much of the activity being publicized appears to be claim-driven rather than evidence-backed,” Meyers said.

Such claims have come primarily from hacktivist groups that, while not linked directly to the Iranian government, have aligned interests.

Nandakishore Harikumar, CEO of the threat intelligence company FalconFeeds.io, provided SAN with a list of hacktivist groups that claim to have carried out at least 15 distributed denial-of-service attacks, designed to overwhelm web servers with traffic, against U.S.-based websites since Saturday. Experts say the attacks, which also include website defacements, have had little to no effect on the ongoing conflict.

Leslie, the senior advisor at Recorded Future, described the alleged actions by hacktivist groups as little more than “nuisance-level activity.”

“Several groups remain active on social media, but they have not claimed responsibility for any notable disruptive or destructive operations,” he said. “There have been claims of DDoS attacks and website defacements against minor targets; however, many of these claims are either short-lived or unverified, and none have resulted in meaningful disruption.”

CrowdStrike similarly noted “an increase in opportunistic hacktivism and low-level disruptive activity designed to generate attention.” Although attacks at this time are largely trivial, Meyers said that organizations in sectors related to critical infrastructure and finance should nevertheless remain vigilant for any activity that moves “into more coordinated or destructive operations.”

If the Iranian government were to carry out cyberattacks against the U.S., according to Leslie, the tactics would likely be an amplified version of the nuisance-level activity already being witnessed.

“Historically, sectors most at risk in similar scenarios have included government agencies, defense contractors, critical infrastructure entities, financial services, and organizations perceived as symbolically aligned with U.S. or Israeli policy,” Leslie said.

US targets Iranian systems

While the Iranians may not have pulled off cyberattacks, the U.S. has tried to take down Iranian systems while also launching the airstrikes.

Gen. Dan Caine, the chairman of the Joint Chiefs of Staff, said during a press conference on Monday that Iranian communications networks were targeted just before the airstrikes.

“Coordinated space and cyber operations effectively disrupted communications and sensor networks across the area of responsibility, leaving the adversary without the ability to see, coordinate, or respond effectively,” Caine said.

Ella Rae Greene, Editor In Chief
