computing screen with code

With Iran鈥檚 growing expertise and willingness to conduct aggressive cyber operations, Dr Vasileios Karagiannopoulos and Dr Iain Reid examine the threat to the US and its global allies.

5 minutes

A feature of the simmering tensions between has been not just the tit-for-tat missile and drone strikes and assassinations, but accusations of waged by Iran.

On April 23, the US Treasury announced it was sanctioning two Iranian companies and four Iranian individuals for conducting against more than a dozen US companies and government organisations. The Treasury alleged that these organisations and individuals had conducted spear phishing, malware and ransomware attacks, which it said aimed to destabilise important national infrastructure in the US.

This followed an announcement in February that it was linked to the country鈥檚 military for what it described as attacks on water and wastewater systems in the US.

Identifying the people behind these attacks can . But the US the hacks are perpetrated by 鈥渇ront companies鈥 and hackers operating for Iran鈥檚 Islamic Revolutionary Guard Corps Cyber Electronic Command (IRG-CEC).

The main sanctioned company, (MASN) is identified as regularly launching what is known in the cyber world as advanced persistent threat (APT) attacks.

are long-term attacks on high-value targets such as large companies and government organisations.

MASN was linked in 2019 by cybersecurity giant Symantec (now Gen Digital Inc) with a group it called . Symantec said Tortoiseshell had been since at least July 2018. It was linked with cyberattacks against Saudi Arabian IT providers and Israeli shipping, logistics and financial services companies.

Much less is known about the actions of the second sanctioned company, . But from information available online, it claims to be a software and web development company based in Tehran.

Alongside the sanctions, the US government is (拢8 million) and a 鈥減lane ticket to somewhere new鈥 for anyone having more information about the hackers in question.

 

The recent announcement follows a wider pattern of the US cybercrime groups it has identified and linked to rogue activity.

By publicly naming these groups, in this instance, the US says it wants to that the IRG-CEC is using these companies for launching illegal cyber-attacks against international targets. But efforts by the US government to deter state-backed hackers working for governments including Iran, China and Russia have yet to bear fruit.

To date, have ever been apprehended to stand trial in the US.

War in all but name

Washington and Tehran have been at loggerheads since the 1979 revolution. The US imposed sanctions against the Islamic Republic when militant students overran the US embassy in the Iranian capital in November 1979 sparking the 400-day hostage crisis.

They have with various levels of intensity. This, despite efforts by the Obama administration to move towards normalisation, with the signing in 2015 of an agreement under which Iran agreed to limit its nuclear programme in return for an easing of sanctions.

Donald Trump .

The first major act of cyberwar between the two countries was, in fact, the , a . Stuxnet drove a wrecking ball through Iran鈥檚 nuclear facilities in 2010. The virus manipulated control systems and caused centrifuges to overheat. This caused serious damage and set Iran鈥檚 nuclear programme back by years.

This incident marked the beginning of an on-again, off-again conflict between the two countries. In 2016, the US Justice Department . It accused the group of hacking into dozens of American banks as well as trying to take over the controls of a small dam in a suburb of New York.

This was the first time the US had publicly accused the Iranian Revolutionary Guard Corps (IRGC) of involvement in cyber-attacks. But it is thought Iran had been targeting the US financial systems with a 鈥渟ystematic campaign of distributed denial of service (DDoS) attacks鈥 since 2011.

After the US assassinated top Iranian general, Qasem Soleimani, in 2020, the US Department of Homeland Security鈥檚 Cybersecurity and Infrastructure Security Agency published an official guidance, to prepare for a possible wave of cyber-attacks from Iran.

At the time the threat was . One expert wrote in the New York Times that: 鈥淭ehran is a capable and prolific actor in the realm of cyberwarfare, but it has no proven ability to create large-scale physical damage through cyberoperations.鈥

Growing threat

However, in recent years Iran seems to have further developed its cyber capabilities. In 2023, the Office of the Director of National Intelligence鈥檚 declared that: 鈥淚ran鈥檚 growing expertise and willingness to conduct aggressive cyber operations make it a major threat to the security of US and allied networks and data.鈥

Meanwhile, the ranked Iran as tenth among the 30 countries it investigated in 2022 (up from 23rd in 2020). Additionally, in a that offers a new global metric for cybercriminality, Iran is ranked 11th in relation to the impact, professionalism and technical skills of cybercriminals operating in the country.

In the increasingly murky margins of a world where cybercriminals and governments can overlap, Iran鈥檚 increasing sophistication in this field cannot be ignored.

, Associate Professor in Cybercrime and Cybersecurity and Co-Director of the Centre for Cybercrime and Economic Crime, and , Course Leader, MSc Cybercrime,

This article is republished from under a Creative Commons license. Read the .

More articles from The Conversation...

The Conversation is an independent source of news analysis and informed comment written by academic experts, working with professional journalists who help share their knowledge with the world.