FRESH AIR

Iranian cyberattacks may increase in the wake of Soleimani’s assassination

February 5, 2020 | Oved Lobel

Iran Cyber 2

Following the targeted killing of Qassem Soleimani, chief of the Iran’s Islamic Revolutionary Guard Corps-Quds Force (IRGC-QF), in Iraq on January 3, the US braced itself for Iranian cyberattacks. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency warned on January 6 of “disruptive and destructive cyber operations” by Iran, as well as espionage and disinformation campaigns. The following day, Texas Governor Greg Abbott declared that state agencies had been “probed” about 10,000 times per minute over the preceding 48 hours by Iran, with the Texas Department of Agriculture and other websites defaced, some with images of Soleimani.

However, Iran’s malicious activity against the US and its allies did not begin with Soleimani’s assassination. AIJAC has covered Iran’s sprawling disinformation campaigns and cyberattacks across the world, including Australia, where IRGC-linked hackers have attempted to steal sensitive research from dozens of Australian universities and were reportedly behind the hack of defence contractor Austal.

Since then, Iran’s activities have only increased, as have details of these activities. For instance, CNN recently reported that the ostensibly independent American Herald Tribune, established in 2015, is likely linked to Iran’s disinformation network and that Iran is actually paying Americans to write their propaganda. On February 5, a Reuters investigation revealed that an Iran-linked hacking group dubbed “Charming Kitten” had been posing as journalists and inviting potential victims to non-existent events and trying to set up bogus interviews. Three cybersecurity firms – Certfa, ClearSky and SecureWorks – linked multiple incidents primarily targeting Israeli researchers and Iranian expats back to Charming Kitten, which has masqueraded as well-known Wall Street Journal, CNN, Iran International and Deutsche Welle journalists as well as inventing some of its own. While the attempts were described as “sloppy,” the second-order effects of making sources afraid to respond to journalists could still be damaging.

On New Year’s Day, a website spoofing that of the Foreign Policy Research Institute (FPRI) published a fake article meant to stoke tensions between the US and Iraq. The article spread across the internet, prompting confusion among those who read FPRI analysis and even a statement denying the article by the Iraqi Prime Minister. FPRI pointed the finger at Iran:

“The timing of the fake article’s publication appears to have been part of a disinformation campaign launched following the strike on KH targets. Following the article’s release, the Iraqi President’s office denied that the article reflected reality, but the fact that a statement had to be issued suggested that this piece of disinformation had become widespread. The spoofed site took users to real FPRI articles and pages upon further clicking—suggesting that the post was legitimate. The website has been taken down, but the removal of the site is less important than the outcome of the initial intent: To use FPRI as a vehicle to provide legitimacy for the disinformation.” 

A hack of Kuwait’s State-Run news agency KUNA on January 8, also almost certainly by Iran, spread the lie that US troops were withdrawing from the region, causing brief international consternation. Previously, Iranian disinformation has resulted in implicit threats of nuclear war against Israel by a former Pakistani Defence Minister. While the impact of disinformation is often exaggerated, the FPRI and Kuwait incidents are a more dangerous and effective form of political disruption.

Iran’s ability to target critical infrastructure is even more dangerous. On January 9, ZDnet reported that the Bahrain Petroleum Company, Bapco, had been hit by data-wiping malware deployed by an Iran-backed hacking group on December 29. The attack, according to ZDnet sources, only knocked out a portion of Bapco’s computers and did not disrupt the company’s operations. Iran has previously attacked Gulf oil infrastructure, including a devastating attack on Saudi Aramco as well as Qatar’s RasGas in 2012.

The US Director of National Intelligence rates the Iranian capability as high as that of Russia and China when it comes to attacks against industrial control systems and physical infrastructure. According to Israeli reports, Iran was one of the countries behind as many as 800 cyberattacks against planes and airports as foreign leaders flew into Israel to attend the World Holocaust Forum on January 23.

Researchers at cybersecurity firm Recorded Future also suspect Iran-backed hackers in a cyberintrusion into a European energy company, likely for espionage purposes. According to the firm, the IRGC cyber division doesn’t conduct its cyberattacks directly, but contracts them out to dozens of independent groups via intermediaries. As Dorothy Denning, Emeritus Distinguished Professor of Defense Analysis at the Naval Postgraduate School, summarised Recorded Future’s findings:

“The Islamic Revolutionary Guard Corps uses trusted intermediaries to manage contracts with independent groups. These intermediaries are loyal to the regime, but separate from it. They translate the Iranian military’s priorities into discrete tasks, which are then auctioned off to independent contractors. Recorded Future estimates that as many as 50 organizations compete for these contracts. Several contractors may be involved in a single operation.”

Although Iran targets Australia regardless of what Australia does, tension has increased recently over the plight of British-Australian academic Kylie Moore-Gilbert, arrested by Iran in 2018 on bogus charges and held under inhumane conditions. As a result, cyberattacks against Australian financial and industrial infrastructure could become more serious in coming weeks and months.

Tags: , ,

RELATED ARTICLES

(image: Shutterstock/Svet Foto)

Military strikes alone won’t stop the Houthis without direct pressure on Iran

Mar 20, 2025 | Featured, Fresh AIR
Image: X

Pay-for-Slay is likely still Pay-for-Slay

Mar 7, 2025 | Fresh AIR
Image: X

The missing pieces of the Thai hostages story

Feb 21, 2025 | Fresh AIR
Damaged section of Kamal Adwan Hospital (image: World Health Organisation)

The latest IDF raid on the Kamal Adwan Hospital debunks absurd UN report

Jan 9, 2025 | Featured, Fresh AIR
Iran's Supreme Leader Ali Khamenei (left), the late Hezbollah Secretary-General Hassan Nasrallah and the late commander of the IRGC's Qods Force Qassem Soleimani

The Axis of Resistance is not dead yet

Dec 19, 2024 | Featured, Fresh AIR
Iranian women being ushered into a van by "Morality police" (Image: X)

Iranian human rights have significantly worsened since the “Woman, Life, Freedom” protests

Dec 18, 2024 | Featured, Fresh AIR
D11a774c 2a47 C987 F4ce 2d642e6d9c8d

Bibi in DC, the Houthi threat and the politicised ICJ opinion

Jul 26, 2024 | Update
Image: Shutterstock

Nine months after Oct. 7: Where Israel stands now

Jul 10, 2024 | Update
Palestinian Red Crescent workers from Al-Najjar Hospital in the city of Rafah, south of the Gaza Strip (Image: Shutterstock)

Hamas’ impossible casualty figures

Mar 28, 2024 | Update
455daec3 C2a8 8752 C215 B7bd062c6bbc

After the Israel-Hamas ceasefire for hostages deal

Nov 29, 2023 | Update
Screenshot of Hamas bodycam footage as terrorists approach an Israeli vehicle during the terror organisation's October 7, 2023 attack in southern Israel, released by the IDF and GPO (Screenshot)

Horror on Video / International Law and the Hamas War

Oct 31, 2023 | Update
Sderot, Israel. 7th Oct, 2023. Bodies of dead Israelis lie on the ground following the attacks of Hamas (Image: Ilia Yefimovich/dpa/Alamy Live News)

Israel’s Sept. 11, only worse

Oct 11, 2023 | Update
Screenshot 2025 03 28 At 11.35.48 AM

The day after the end of the Gaza war – and the new opportunities it presents: Ehud Yaari at the Sydney Institute

Mar 28, 2025 | Featured, Video
Screenshot

Jonathan Conricus in conversation with Joel Burnie

Feb 24, 2025 | Featured, Video
Sydney, January 2025 (Image: X)

Reacting to the latest antisemitic attacks: Colin Rubenstein on SBS Hebrew radio

Feb 3, 2025 | Video
Screenshot

Antisemitic bomb plot “a massive escalation”: Colin Rubenstein on Sky News

Jan 30, 2025 | Featured, Video
(Image: screenshot)

Antisemitism database “first step of many more that need to be taken”: Dr Colin Rubenstein on ABC TV

Jan 22, 2025 | Featured, Video
Screenshot 2024 12 20 At 12.44.43 PM

AIJAC speaks out against hate… Will you join us?

Dec 20, 2024 | Featured, Video

RECENT POSTS

Anti-Hamas protests in Gaza (Image: Reddit)

Gaza protests: A turning point or a moment of desperation?

A “deep well of hatred” in segments of the Muslim community contributed to the recent outburst  of extremism and antisemitism in Australia (Image: Diana Zavaleta/ Shutterstock)

Essay: The Politics of Hatred

Iranian President Masoud Pezeshkian (left) may hint at agreeing to nuclear negotiations, but it is Supreme Leader Ali Khamenei (right) who will ultimately make the decision (Image: Khamenei.ir)

Iran: Moving beyond diplomatic delusions

A statue of Moses holding the Ten Commandments (Image: Shutterstock)

The Last Word: One Story

Israeli PM Netanyahu controversially announces he needs to fire Shit Bet chief Ronen Bar (Screenshot)

Marching toward controversy and division

SORT BY TOPICS