FRESH AIR

Iranian cyberattacks may increase in the wake of Soleimani’s assassination

Feb 5, 2020 | Oved Lobel


Following the targeted killing of Qassem Soleimani, chief of Iran’s Islamic Revolutionary Guard Corps-Quds Force (IRGC-QF), in Iraq on January 3, the US braced itself for Iranian cyberattacks. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency warned on January 6 of “disruptive and destructive cyber operations” by Iran, as well as espionage and disinformation campaigns. The following day, Texas Governor Greg Abbott declared that state agencies had been “probed” about 10,000 times per minute over the preceding 48 hours by Iran, with the Texas Department of Agriculture and other websites defaced, some with images of Soleimani.

However, Iran’s malicious activity against the US and its allies did not begin with Soleimani’s assassination. AIJAC has covered Iran’s sprawling disinformation campaigns and cyberattacks across the world, including Australia, where IRGC-linked hackers have attempted to steal sensitive research from dozens of Australian universities and were reportedly behind the hack of defence contractor Austal.

Since then, Iran’s activities have only increased, as have details of these activities. For instance, CNN recently reported that the ostensibly independent American Herald Tribune, established in 2015, is likely linked to Iran’s disinformation network and that Iran is actually paying Americans to write its propaganda. On February 5, a Reuters investigation revealed that an Iran-linked hacking group dubbed “Charming Kitten” had been posing as journalists, inviting potential victims to non-existent events and trying to set up bogus interviews. Three cybersecurity firms – Certfa, ClearSky and SecureWorks – linked multiple incidents primarily targeting Israeli researchers and Iranian expats back to Charming Kitten, which has masqueraded as well-known Wall Street Journal, CNN, Iran International and Deutsche Welle journalists as well as inventing some of its own. While the attempts were described as “sloppy,” the second-order effects of making sources afraid to respond to journalists could still be damaging.

On New Year’s Day, a website spoofing that of the Foreign Policy Research Institute (FPRI) published a fake article meant to stoke tensions between the US and Iraq. The article spread across the internet, prompting confusion among those who read FPRI analysis and even a statement by the Iraqi Prime Minister denying the article. FPRI pointed the finger at Iran:

“The timing of the fake article’s publication appears to have been part of a disinformation campaign launched following the strike on KH targets. Following the article’s release, the Iraqi President’s office denied that the article reflected reality, but the fact that a statement had to be issued suggested that this piece of disinformation had become widespread. The spoofed site took users to real FPRI articles and pages upon further clicking—suggesting that the post was legitimate. The website has been taken down, but the removal of the site is less important than the outcome of the initial intent: To use FPRI as a vehicle to provide legitimacy for the disinformation.” 

A hack of Kuwait’s state-run news agency KUNA on January 8, also almost certainly by Iran, spread the lie that US troops were withdrawing from the region, causing brief international consternation. Previously, Iranian disinformation has resulted in implicit threats of nuclear war against Israel by a former Pakistani Defence Minister. While the impact of disinformation is often exaggerated, the FPRI and Kuwait incidents are a more dangerous and effective form of political disruption.

Iran’s ability to target critical infrastructure is even more dangerous. On January 9, ZDNet reported that the Bahrain Petroleum Company, Bapco, had been hit by data-wiping malware deployed by an Iran-backed hacking group on December 29. The attack, according to ZDNet sources, only knocked out a portion of Bapco’s computers and did not disrupt the company’s operations. Iran has previously attacked Gulf oil infrastructure, including a devastating attack on Saudi Aramco as well as Qatar’s RasGas in 2012.

The US Director of National Intelligence rates the Iranian capability as high as that of Russia and China when it comes to attacks against industrial control systems and physical infrastructure. According to Israeli reports, Iran was one of the countries behind as many as 800 cyberattacks against planes and airports as foreign leaders flew into Israel to attend the World Holocaust Forum on January 23.

Researchers at cybersecurity firm Recorded Future also suspect Iran-backed hackers in a cyberintrusion into a European energy company, likely for espionage purposes. According to the firm, the IRGC cyber division doesn’t conduct its cyberattacks directly, but contracts them out to dozens of independent groups via intermediaries. As Dorothy Denning, Emeritus Distinguished Professor of Defense Analysis at the Naval Postgraduate School, summarised Recorded Future’s findings:

“The Islamic Revolutionary Guard Corps uses trusted intermediaries to manage contracts with independent groups. These intermediaries are loyal to the regime, but separate from it. They translate the Iranian military’s priorities into discrete tasks, which are then auctioned off to independent contractors. Recorded Future estimates that as many as 50 organizations compete for these contracts. Several contractors may be involved in a single operation.”

Although Iran targets Australia regardless of what Australia does, tension has increased recently over the plight of British-Australian academic Kylie Moore-Gilbert, arrested by Iran in 2018 on bogus charges and held under inhumane conditions. As a result, cyberattacks against Australian financial and industrial infrastructure could become more serious in coming weeks and months.
