Hacked hospitals, hidden spyware: Iran conflict shows how digital fight is ingrained in warfare

WASHINGTON – While fleeing an Iranian missile strike, some Israelis with Android phones received a text message offering a link to real-time information about bomb shelters. But instead of a useful app, the link downloaded spyware that allowed hackers to access the device’s camera, location, and all its data.
The operation, attributed to Iran, demonstrated sophisticated coordination and is just the latest tactic in a cyber conflict that pits the United States and Israel against Iran and its digital proxies. As Iran and its supporters seek to use their cyber capabilities to offset their military disadvantages, they demonstrate how disinformation, artificial intelligence and hacking have become entrenched in modern warfare.
The fake texts received recently appear to have been timed to coincide with the missile strikes, representing a new combination of digital and physical attacks, said Gil Messing, chief of staff at Check Point Research, a cybersecurity firm with offices in Israel and the United States.
“This was sent to people as they ran to shelters to defend themselves,” Messing said. “The fact that it is synchronized and at the same minute… is a first.”
The digital struggle will likely persist even if a ceasefire is reached, experts say, because it is much easier and less costly than conventional conflict and because it is designed not to kill or conquer, but to spy, steal and frighten.
Although high in volume, most war-related cyberattacks have been relatively minor when it comes to damage to economic or military networks. But they have put many U.S. and Israeli companies on the defensive, forcing them to quickly address old security weaknesses.
Investigators at Utah-based security firm DigiCert have so far documented nearly 5,800 cyberattacks launched by nearly 50 different groups linked to Iran. While most attacks targeted U.S. or Israeli companies, DigiCert also saw attacks on networks in Bahrain, Kuwait, Qatar and other countries in the region.
Many attacks are easily thwarted with the latest cybersecurity measures. But they can inflict serious damage on organizations with outdated security and impose a demand on resources even if they fail.
Then there is the psychological impact on companies likely to do business with the military.
“There are a lot more attacks that are going unreported,” said Michael Smith, director of field technology at DigiCert.
A pro-Iran hacker group on Friday claimed responsibility for infiltrating the account of FBI Director Kash Patel, posting what appeared to be years-old photographs of him, along with a job resume and other personal documents. Many of these documents appeared to be more than ten years old.
This is typical of many cyberattacks linked to pro-Iranian hackers: spectacular, designed to boost partisan morale and undermine the opponent’s confidence, but with little impact on the war effort.
Smith said these high-volume, low-impact attacks are “a way to tell people in other countries that you can still reach out and touch them even if they’re on a different continent. That makes it more of an intimidation tactic.”
Iran will likely target the weakest links in U.S. cybersecurity: the supply chains that support the economy and the war effort, as well as critical infrastructure like ports, train stations, water plants and hospitals.
Iran also targets data centers with cyber and conventional weapons, demonstrating how important these centers have become to the military’s economy, communications and information security.
This month, hackers supporting Iran claimed responsibility for hacking Stryker, a Michigan-based medical technology company. The group known as Handala claimed the strike was in retaliation for suspected U.S. strikes that killed Iranian schoolchildren.
Cybersecurity researchers at Halcyon recently published the results of another recent cyberattack targeting a healthcare company. Halcyon did not reveal the name of the company, but said the hackers used a tool that U.S. authorities linked to Iran to install destructive ransomware that locked the company out of its own network.
The hackers never demanded a ransom, suggesting they were motivated by destruction and chaos and not profit.
With the attack on Stryker, “it suggests a deliberate focus on the medical sector rather than targets of opportunity,” said Cynthia Kaiser, senior vice president at Halcyon. “As this conflict continues, we should expect these attacks to intensify.”
AI can be used both to increase the volume and speed of cyberattacks and to allow hackers to automate much of the process.
But it is in disinformation that AI has truly demonstrated its corrosive impact on public trust. Partisans on both sides spread false images of atrocities or decisive victories that never happened. A doctored image of sunken U.S. warships has been viewed more than 100 million times.
Iranian authorities have limited access to the internet and work to shape Iranians’ views of the war through propaganda and disinformation. Iranian state media, for example, began reporting fake images of the war as real, sometimes replacing them with their own doctored images, according to a study by NewsGuard, a U.S. company that tracks disinformation.
Heightened concerns about the risks posed by AI and hacking prompted the State Department last year to open an Office of Emerging Threats focused on new technologies and how they could be used against the United States. It joins similar efforts already underway at agencies such as the Cybersecurity and Infrastructure Security Agency and the National Security Agency.
AI also plays a role in defending against cyberattacks by automating and speeding up work, Director of National Intelligence Tulsi Gabbard recently told Congress.
The technology “will increasingly shape cyber operations, with cyber operators and defenders using these tools to improve their speed and effectiveness,” Gabbard said.
While Russia and China are considered greater cyber threats, Iran has nevertheless launched several operations targeting Americans. In recent years, groups working for Tehran have infiltrated President Donald Trump’s campaign email system, targeted U.S. water plants and attempted to hack networks used by the military and defense contractors. They impersonated American protesters online to secretly encourage demonstrations against Israel.


