Iranian cyber attacks pose growing threat as government-linked groups use ‘destructive’ skills to strike globally, Israeli analyst warns.
Iranian cyber attacks are rapidly expending in scope and intensity, an Israeli expert says. By now, Iran has become a dangerous cyber power operating on a global scale, senior analyst Sanaz Yashar warns.
Yashar is deeply familiar with Iran, personally and professionally. She was born in Tehran and moved to Israel in her teens. After joining the IDF, she spent some 15 years in an elite intelligence unit, where she engaged in offensive cyber operations.
Today Yashar works at FireEye, advising government agencies and business enterprises on ways to detect and block cyber threats. In her work she often encounters malicious Iranian actors, and is concerned by what she sees.
The geographic reach of Iranian cyber attacks is growing, Yashar told the recent Cyber Defense Live conference, covered by tech website The People. The Iranians are striking in Israel, the US and Asia, thus signaling that they are boosting their capabilities and manpower, she said.
In an earlier interview, Yashar said that Iran increasingly operates via government-linked groups. These APTs (Advanced Persistent Threat actors) have “truly destructive capabilities,” she warned. Tehran either sponsors them directly or turns a blind eye to their activities, she said.
As time passes, Iran is becoming a serious cyber player by boosting its technological skills and strike intensity, Yashar observed. The Iranians no longer rely on simplistic tools and must not be dismissed, she said at the time. Events since then have confirmed her warnings.
Secret Iranian cyber attacks
By now, Iranian APTs engage in wide-ranging cyber activity. One such group focuses on communication providers and airlines to hack into huge personal data records, Yashar told the conference. This could help Iran carry out covert missions, she said, for example by forging foreign passports.
Another Iranian APT targets diverse government sectors, including defense and energy bodies. Recently, this group secretly launched aggressive cyber attacks on Arab states that signed peace deals with Israel, she said.
In another attack, Iranian hackers planted Hebrew phrases in one of their tools to confuse defenders and pin the attack on Israel, Yashar revealed. Iran was also behind the recent hacking of Israel Hayom daily’s Tweeter account, she claimed.
Overall, the Iranians invest heavily in boosting their cyber force and are taking steps to become a cyber superpower, Yashar said. While they are not yet as powerful as Russia and China, they are closing the gap, she concluded.
Can Israel deter Iran?
An Israeli study warned last year that Iran is building high-level cyber capabilities and sophisticated tools. The analysis, published by The Institute for National Security Studies (INSS), stressed that Israeli defenses were not sufficient to fully protect against Iranian cyber attacks.
Since then, Iran targeted Israel with several cyber attacks, most prominently on water facilities across the country. Last week, an Iranian cleric claimed that Tehran just disrupted Israel’s power supply. However, the Electric Company strongly denied this, claiming that nationwide blackouts were caused by a mishap.
Notably, the INSS study called for an Israeli deterrence strategy to discourage Iranian attacks. Under this doctrine, Israel should threaten Iran with severe retaliation in response to malicious cyber activity, the report recommended.
Israel has allegedly carried out such operations, disrupting work at Iranian ports among other targets. But given Tehran’s aggressive posture and growing Iranian cyber attacks, this tit-for-tat battle will likely escalate in the coming months.
Earlier this year, Israel’s cyber chief warned that a “cyber winter” is coming soon. As Iran continues to upgrade its strike capabilities, Israel’s top cyber defenders will have to design new solutions to counter this increasingly dangerous threat.