Tehran Is Trouble in Cyberspace
AP Photo/Kamran Jebreili

Iran gets a lot of negative attention for a lot of good reasons, from its sponsorship of terrorism to its nuclear aspirations.

One issue that doesn’t get enough play: cyber.

When cyber capers come up in the media, the story is usually about the external computer network operations of the two most active and infamous offenders out there: China and Russia. This is certainly understandable.

But Tehran is a growing problem for the United States and its interests, even if it isn't as apparently capable or threatening as Moscow or Beijing.       

Indeed, according to the director of national intelligence’s congressional testimony on global threats earlier this year, “Iran continues to present a cyber espionage and attack threat” to the United States.   

A variety of sources indicate that Iran and its proxies have attempted to penetrate a variety of high-value American targets to access secret and/or sensitive information or to prepare for future disruptive attacks.

Those targeted by Iran include U.S. government agencies and private companies as well as universities and think tanks.   

Iran-related cyber actors also appear to be involved in collecting personal information on individuals of interest for intelligence and influence operations. Not surprisingly, Americans are likely among the designated targets. 

Director of National Intelligence Dan Coats noted that “Tehran also uses social media platforms to target U.S. and allied audiences,” using these popular online sites for information operations including creating fake accounts, pages, and groups, and spreading false news.

Iran clearly has us in its cyber crosshairs.

Though the director didn’t get into specifics in the hearing’s open sessions, Iran has reportedly penetrated some of our critical infrastructure. Publicly available information includes targets such as our electrical grid and at least one dam.

Iran has hit U.S. banks with distributed denial of service attacks, crashing their computer networks with an avalanche of traffic. A group called the Iranian Cyber Army is accused of defacing the U.S. government’s Voice of America website. 

Of course, it’s not just us. Iran is hitting Gulf States, too, especially religious and regional rival Saudi Arabia. Tehran’s hackers infamously struck Saudi Aramco, Riyadh’s national oil company, crippling the energy giant’s computer systems. 

Iran-affiliated attackers also penetrated the computers of RasGas, the energy company of Qatar, an Arab Gulf country considered friendly to Tehran and one of the world’s largest producers of natural gas.

As you might imagine, Israel is a regular target of Iran’s cyber soldiers, who come under the control of the ill-famed Islamic Revolutionary Guard Corps.

One of the recent targets was Benny Gantz, a prominent Israeli politician and former Israeli Defense Forces chief of staff. Iran reportedly accessed his cell phone and exfiltrated all of its contents during the height of Israel’s election season. 

What shouldn’t be overlooked is that Tehran is also using its terror proxies, including Hezbollah and Hamas, to target Israel. Not only does this create new threat vectors for Israel, it provides Tehran with a modicum of plausible deniability. 

Iran also targets Europe. In one instance, Tehran was involved in penetrating German government offices and other targets in that country. Cyber operations also extend to regime dissidents and opposition living abroad, including in Europe, whom Tehran sees as a threat to the regime.

In Asia, the Iranian Cyber Army hit Baidu, a Chinese internet firm. Iran-based hackers -- likely a state or state-sponsored actor -- also breached the computer system of the Australian parliament. 

Iran-affiliated actors also attacked social media platforms such as Twitter and international institutions including the International Atomic Energy Agency (IAEA), the United Nations’ nuclear watchdog.

Groups with ties to Iran are believed to be involved on a global scale in hijacking internet domain names in order to collect information on website visitors as well as provide opportunities to access victims’ emails and networks.  

Iran isn’t only attacking foreign foes -- it’s using cyber to spy on its own people and repress human rights at home. Domestic targets include members of the media, religious and ethnic minorities, and high-profile cultural figures. The regime also surveils its own politicians, officials, and government agencies to ensure loyalty to the regime and prevent the development of a threat to the illiberal theocracy -- a tactic typical of a police state. 

While not considered the most able and sophisticated threat in comparison to cyber superpowers such as China and Russia, Iran is a serious challenge. It presents a threat that is only expected to grow and intensify with time.

Dr. Peter Brookes is a Heritage Foundation senior fellow and a former deputy assistant secretary of defense. The views expressed are the author's own.