Cyberwarfare and Iran


Cyberwarfare is a part of Iran's "soft war" military strategy. Both a target of cyberwarfare and a state that wages it, [1] Iran is considered an emerging military power in the field. [2]


Since November 2010, an organization called "The Cyber Defense Command" (Persian: قرارگاه دفاع سایبری; Gharargah-e Defa-e Saiberi) has been operating in Iran under the supervision of the country's "Passive Civil Defense Organization" (Persian: سازمان پدافند غیرعامل; Sazeman-e Padafand-e Gheyr-e Amel), which is itself a subdivision of the Joint Staff of Iranian Armed Forces. [3]

According to a 2014 report by the Institute for National Security Studies, Iran is "one of the most active players in the international cyber arena". [4] In 2013, a Revolutionary Guards general stated that Iran has "the 4th biggest cyber power among the world's cyber armies." [5] [6]

According to a 2021 report by a cyber-security company, "Iran is running two surveillance operations in cyber-space, targeting more than 1,000 dissidents". [7]

NIN

Iran's cyber defense system, a "digital fortress" that forms part of the national information network (national internet), is developed to thwart attacks and engage attackers. [8] In November 2022, the Iranian Majlis (Islamic Consultative Assembly) recommended a Passive Defence Incorporation. [9]

Attacks against Iran

In June 2010, Iran was the victim of a cyber-attack when its nuclear facility in Natanz was infiltrated by the cyber-worm 'Stuxnet'. [10] Reportedly a combined effort by the United States and Israel, [11] Stuxnet destroyed perhaps over 1,000 nuclear centrifuges and, according to a Business Insider article, "[set] Tehran's atomic programme back by at least two years." [12] The worm spread beyond the plant to allegedly infect over 60,000 computers, but the government of Iran indicates it caused no significant damage. Iran crowdsourced solutions to the worm and is purportedly now better positioned in terms of cyber warfare technology. [10] No government has claimed responsibility for the worm. [12] The cyber-worm was also used against North Korea. [citation needed]

Events

Attacks by Iran

Western analysts have accused the Iranian government of carrying out its own cyber-attacks against the United States, Israel and Persian Gulf Arab countries. Iran has denied this, including specific allegations of involvement in hacking into American banks in 2012. [12] In mid-2013, Michael Joseph Gross called the conflict between Iran and the United States "history's first known cyber-war". [37]

Events

Command and control

Iranian armed forces install malware apps for espionage on Android phones. [59] According to Microsoft, they could steal victims' identities. [60]

Suspended Iranian accounts

On May 5, 2020, Reuters reported, quoting a monthly Facebook report, that Iranian state-run media had used hundreds of fake social media accounts, online since at least 2011, to covertly spread pro-Iranian messaging aimed at voters in countries including Britain and the United States. [61] The accounts were suspended for coordinated inauthentic behavior; Facebook removed eight networks in recent weeks, including one with links to the Islamic Republic of Iran Broadcasting. [61]

See also

Alleged operations and malware against Iran
Alleged operations and malware by Iran

References

  1. Joshi, Shashank. "Iran, the Mossad and the power of cyber-warfare". Archived from the original on October 3, 2013. Retrieved March 18, 2015.
  2. "Iran's military is preparing for cyber warfare". The Telegraph. October 3, 2013. Archived from the original on August 10, 2018. Retrieved March 18, 2015.
  3. Bastani, Hossein (December 13, 2012). "Structure of Iran's Cyber Warfare". Institut Français d’Analyse Stratégique. Archived from the original on May 23, 2019. Retrieved March 18, 2015.
  4. Siboni, Gabi; Kronenfeld, Sami (April 3, 2014). "Developments in Iranian Cyber Warfare, 2013–2014". INSS Insight. Institute for National Security Studies. Archived from the original on January 5, 2020. Retrieved March 18, 2015.
  5. "Israeli Think Tank Acknowledges Iran as Major Cyber Power, Iran Claims its 4th Biggest Cyber Army in World". Hack Read. October 18, 2013. Archived from the original on May 30, 2019. Retrieved March 18, 2015.
  6. "IRANIAN CYBER THREAT TO THE U.S. HOMELAND". www.govinfo.gov. Archived from the original on 2021-10-28. Retrieved 2021-10-28.
  7. "Iran 'hides spyware in wallpaper, restaurant and games apps'". BBC News. 8 February 2021. Archived from the original on 2021-08-07. Retrieved 2021-10-28.
  8. "شکست حملات سایبری در مقابل"دژفا"". 2020-02-09. Archived from the original on 2020-02-09. Retrieved 2021-10-28.
  9. "آغاز جلسه علنی مجلس/ طرح تشکیل سازمان پدافند غیرعامل در دستور". 6 November 2022. Archived from the original on 13 November 2022. Retrieved 13 November 2022.
  10. "Stuxnet and the Future of Cyber War". James P. Farwell and Rafal Rohozinski.
  11. Sanger, David E. (1 June 2012). "Obama Order Sped Up Wave of Cyberattacks Against Iran". The New York Times. Archived from the original on 1 June 2012. Retrieved 1 June 2012.
  12. "US General: Iran's Cyber War Machine 'A Force To Be Reckoned With'". Business Insider. Archived from the original on 2019-04-02. Retrieved 2017-11-14.
  13. McElroy, Damien (October 2, 2013). "Iranian cyber warfare commander shot dead in suspected assassination". The Telegraph. Archived from the original on October 7, 2019. Retrieved March 18, 2015.
  14. "Iran accuses Israel of failed cyber attack". Reuters. 5 November 2018. Archived from the original on 2020-05-28. Retrieved 2018-11-06.
  15. "Iran accuses Israel of failed cyber attack - CNA". Archived from the original on 2019-09-10. Retrieved 2018-11-06.
  16. Browne, Ryan; Turak, Natasha (5 October 2022). "Hacktivists seek to aid Iran protests with cyberattacks and tips on how to bypass internet censorship". CNBC. Archived from the original on 2023-01-13. Retrieved 2023-03-09.
  17. "ماجرای حمله سایبری به سایت وزارت علوم چه بود؟". اعتمادآنلاین (in Persian). 2023-09-24. Retrieved 2023-09-24.
  18. فردا, رادیو (2023-09-24). "سایت وزارت علوم ایران "هک شد"؛ هکرها می‌گویند به "بیش از ۲۰ هزار سند" دست یافته‌اند". رادیو فردا (in Persian). Retrieved 2023-09-24.
  19. قربانی, زهرا (2023-09-23). "ماجرای هک سایت وزارت علوم چیست؟ / سامانه‌های دولتی زیر ذره‌بین هکر‌ها". راه پرداخت (in Persian). Retrieved 2023-09-24.
  20. "واکنش عجیب رییس بنیاد شهید به هک شدن سرورهای این سازمان؛ اطلاعاتی حساسی نداشتیم!". اعتمادآنلاین (in Persian). 2023-09-24. Retrieved 2023-09-24.
  21. "ماجرای هک سایت وزارت امور خارجه چه بود؟". اعتمادآنلاین (in Persian). 2023-09-24. Retrieved 2023-09-24.
  22. "هک شرکت‌های بیمه در ایران و نگرانی از ضعف امنیت سایبری". BBC News فارسی (in Persian). 2023-09-04. Retrieved 2023-09-24.
  23. فردا, رادیو (2023-09-04). "برکناری رئیس کل بیمه مرکزی ایران در پی اخبار "هک اطلاعات ۱۸ شرکت بیمه"". رادیو فردا (in Persian). Retrieved 2023-09-24.
  24. "پس‌لرزه‌های هک اطلاعات ۱۸ شرکت بیمه؛ رئیس کل بیمه مرکزی ایران برکنار شد". صدای آمریکا (in Persian). 2023-09-04. Retrieved 2023-09-24.
  25. "ابعاد هک و انتشار اطلاعات شخصی خبرنگاران و کارکنان خبرگزاری فارس بررسی شود". اعتمادآنلاین (in Persian). 2023-09-24. Retrieved 2023-09-24.
  26. قربانی, زهرا (2023-09-20). "ماجرای هک سازمان ثبت‌احوال چه بود؟". راه پرداخت (in Persian). Retrieved 2023-09-24.
  27. "هشدار هکرهای بلک رویوارد: اگر رژیم به خواست مردم تن ندهد، اسناد هسته‌ای را رو می کنیم". ایران اینترنشنال (in Persian). 2023-09-22. Retrieved 2023-09-24.
  28. "سند هک شده: وزارت خارجه جمهوری اسلامی نشستی برای مدیریت بحران پهپادی در اوکراین برگزار کرد". ایران اینترنشنال (in Persian). 2024-01-25. Retrieved 2024-01-25.
  29. "اختلال سراسری در پمپ بنزین‌های ایران؛ "گنجشک درنده": حمله سایبری کار ما بود". BBC News فارسی (in Persian). 2023-12-18. Retrieved 2024-01-25.
  30. "هکرهای شرکت «اسنپ فود» نهایی شدن دریافت باج را تائید کردند". BBC News فارسی (in Persian). 2024-01-01. Retrieved 2024-03-01.
  31. فردا, رادیو (2024-02-13). "روابط عمومی مجلس هک وب‌سایت‌ها و «دسترسی» هکرها به اسناد مجلس را تأیید کرد". رادیو فردا (in Persian). Retrieved 2024-03-01.
  32. "هک وب‌سایت‌های مجلس؛ هکرها «حقوق ۲۰۰ میلیونی» نمایندگان و مزایایی مانند «آجیل شب یلدا» را فاش کردند". صدای آمریکا (in Persian). 2024-02-13. Retrieved 2024-03-01.
  33. "حمله سایبری هکرهای روسی به سفارت‌خانه‌های جمهوری اسلامی". ایران اینترنشنال (in Persian). 2024-03-01. Retrieved 2024-03-01.
  34. "Justice Of Iran". web.archive.org. 2024-02-21. Retrieved 2024-03-01.
  35. "هکرهای گمنام چهارده گیگابایت اطلاعات از سرورهای دانشگاه صنعتی مالک اشتر استخراج کردند". صدای آمریکا (in Persian). 2024-02-22. Retrieved 2024-03-01.
  36. "US Cyberattack Hit 2 Iranian Military Ships in Red Sea". Voice of America. 2024-02-16. Retrieved 2024-03-01.
  37. "Silent War". Vanity Fair. July 2013. Archived from the original on 2014-11-15.
  38. Joseph Marks (22 April 2015). "Iran launched major cyberattacks on the Israeli Internet". Politico. Archived from the original on 10 November 2014. Retrieved 27 April 2015.
  39. Micah Halpern (22 April 2015). "Iran Flexes Its Power by Transporting Turkey to the Stone Age". Observer. Archived from the original on 14 December 2019. Retrieved 27 April 2015.
  40. "Iran blamed for cyberattack on Parliament that hit dozens of MPs, including Theresa May". The Telegraph. 14 October 2017. Archived from the original on 6 December 2017. Retrieved 6 December 2017.
  41. "Israel's Jerusalem Post Website Hacked". Reuters. 3 January 2022. Archived from the original on 2022-01-03. Retrieved 2022-01-03.
  42. "Jerusalem Post website hacked with Iran warning on anniversary of Soleimani killing". The Times of Israel. Archived from the original on 2022-01-03. Retrieved 2022-01-03.
  43. Yonah Jeremy Bob (2022-03-14). "Cyberattack against Israeli sites follows reports of failed Mossad op against Iran". The Jerusalem Post. Archived from the original on 2022-03-14. Retrieved 2022-03-14.
  44. Yaniv Kubovich. "Israeli Government Sites Crash in Cyberattack". Haaretz. Archived from the original on 2022-03-14. Retrieved 2022-03-14.
  45. "New Entries in the CFR Cyber Operations Tracker: Q3 2022". Council on Foreign Relations. Archived from the original on 2023-04-26. Retrieved 2023-03-09.
  46. Agencies. "Albania cuts diplomatic ties with Iran, boots out diplomats over July cyberattack". www.timesofisrael.com. Archived from the original on 2022-11-17. Retrieved 2023-03-09.
  47. "Iranian hackers compromise US government network in cryptocurrency generating scheme, officials say". Archived from the original on 2022-11-17. Retrieved 2022-11-17.
  48. "Iranian hacker group Agrius launches Moneybird ransomware attacks on Israeli entities". www.2-spyware.com. 2023-05-25. Retrieved 2023-05-25.
  49. Kleinman, Danielle (2023-03-07). "Iran Launches Cyberattack on Israeli University". FDD. Retrieved 2023-05-25.
  50. "Iran suspect in cyberattack targeting Israeli shipping, financial firms - Al-Monitor: Independent, trusted coverage of the Middle East". www.al-monitor.com. 2023-05-24. Retrieved 2023-05-25.
  51. "Iran state-backed hackers are shifting to disinformation, Microsoft says".
  52. "هکرهای سپاه پاسداران مخالفان رژیم جمهوری اسلامی را در آلمان هدف قرار می‌دهند". ایران اینترنشنال (in Persian). 2024-01-25. Retrieved 2024-01-25.
  53. Lyngaas, Sean; Sgueglia, Kristina (2023-11-28). "Federal officials investigating after pro-Iran group allegedly hacked water authority in Pennsylvania". CNN. Retrieved 2023-11-29.
  54. Kohli, Pankaj (2023-07-27). "Uncovering an Iranian mobile malware campaign". Sophos News. Retrieved 2023-12-02.
  55. "OilRig's persistent attacks using cloud service-powered downloaders". www.welivesecurity.com. Retrieved 2024-01-25.
  56. "حمله سایبری هکرهای جمهوری اسلامی موجب قطع آب منطقه‌ای در ایرلند شد". ایران اینترنشنال (in Persian). 2024-03-01. Retrieved 2024-03-01.
  57. "Disrupting malicious uses of AI by state-affiliated threat actors". February 14, 2024.
  58. "Staying ahead of threat actors in the age of AI". February 14, 2024.
  59. "Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy". Archived from the original on 2023-05-01. Retrieved 2023-04-30.
  60. "Rinse and repeat: Iran accelerates its cyber influence operations worldwide". 2 May 2023.
  61. "Facebook says it dismantles disinformation network tied to Iran's state media". Reuters. 5 May 2020. Archived from the original on 21 August 2021. Retrieved 28 October 2021.