How Big a Threat Are Iranian-Backed Cyberattacks?


To be clear, in this country it’s still a B-list thriller. As Alex K. Jones, who heads the electrical engineering and computer science department at Syracuse University, told me, the Iranians haven’t launched what he calls a Hollywood-style attack because it’s unlikely they have the capability to do so. (Another possible explanation is that launching a cyberattack on a major American city would be an act of war that could elicit an unprecedented response.) Even so, a major attack is not necessary to inflict pain. The intrusion into industrial automation mentioned in the LPCC advisory led to business interruptions and financial losses. And it’s just one of many hacks that a number of cybersecurity firms say were carried out, both before and during the conflict. These include distributed denial-of-service attacks, in which hackers unleash an army of bots from millions of IP addresses to overwhelm a server with Internet traffic to crash the websites of businesses, government agencies and the military, causing chaos, friction and loss of services, and at least one hack in which a healthcare organization had its data held hostage for ransom. “We don’t live in a world where there won’t be an impact on American citizens at home,” James Turgal, a retired executive assistant director of the FBI and now vice president of Optiv, a Denver-based cybersecurity consultancy, told me. “From a cyber perspective, we are very early.”

In fact, weeks before the first Israeli and American bombs were dropped on Iran, “threat hunter” researchers from Symantec and Carbon Black, two cybersecurity companies that are part of Broadcom, reported that the Seedworm hacker group had infiltrated the networks of a US airport, a bank and an American software company that does business in Israel as a defense and aerospace contractor. The researchers wrote that because Seedworm was already “present on US and Israeli networks before the current hostilities,” the group was in “a potentially dangerous position to launch attacks.” “Even though we disrupted these breaches, other organizations could still be vulnerable to attacks.” Bombs explode once, but unless cyber vulnerabilities are patched, they may remain accessible to malicious actors.

Seedworm, which also goes by the names MuddyWater, Static Kitten and Mango Sandstorm, among others, is, according to the FBI and LPCC, a front for the Iranian Ministry of Intelligence and Security (VEVE). The use of such proxies is a common feature of state-sponsored hacking: these groups mask a regime’s involvement and provide plausible deniability. Actually tracking down “a guy on a keyboard in Tehran, at a particular IP address, at any given time, is very difficult,” Turgal explained, which then makes attribution difficult and retaliation tricky.

On March 11, twelve days after Operation Epic Fury began, the Handala Hack team, which the Justice Department says is another VEVE front group, allegedly triggered a wiperware attack against Stryker, a global medical technology company based in Michigan, causing disruptions to thousands of devices around the world. A message on » Although no one was killed in the Stryker attack, some surgeries had to be postponed, implants could not be delivered to patients and the company’s stock price fell.

While disrupting the activities of an American multinational may seem like a pale response to the destruction of an Iranian elementary school where more than a hundred children were killed, such asymmetric attacks in the physical and digital domains are a hallmark of this conflict. While Israel and the United States were bombing Iran, Iran was not only attacking Qatar, the United Arab Emirates, Saudi Arabia and other Arab states; it was launching cyberattacks on U.S. allies in Europe and on businesses across the Middle East in an effort to pressure U.S. leaders to stop the attacks. Iran also carried out drone strikes that damaged data centers in the region owned by Amazon Web Services, which operates the world’s largest cloud platform — high-value targets with major financial and operational ramifications. Alexander Leslie, senior advisor for government affairs at the threat intelligence firm Recorded Future, wrote in an email that “Iran’s strength has long been persistence, coercive signals…and techniques that create real disruption without the need for exotic capabilities.”
