US-Israel Cyberattacks on Iran: Tehran Retaliates Amid Escalating Cyberwar
US-Israel and Iran Engage in Escalating Cyber Conflict
The ongoing tensions between the United States, Israel, and Iran have spilled into the digital realm, with both sides engaging in a series of cyberattacks aimed at disrupting each other’s critical infrastructure and military capabilities.
Cyberattacks Against Iran
According to reports, US-Israeli forces have conducted a series of cyberattacks against Iranian targets, including news websites, communication infrastructure, and local applications. The attacks, which began on February 28, also targeted the Islamic Revolutionary Guard Corps (IRGC) command and control systems in an effort to limit their ability to coordinate counterattacks.
The cyberattacks against Iran included distributed denial-of-service (DDoS) attacks and “deep intrusions” into the country’s energy and aviation infrastructure systems. Some reports have described the attacks as the “largest cyberattack in history.”
Additionally, pro-Western hackers hijacked a popular prayer app in Iran, sending push notifications to users that read “Help has arrived!” Internet observatory NetBlocks reported a 48-hour internet blackout in Iran; such blackouts are not uncommon in the country and are often used by the regime to hide human rights violations.
Iranian Retaliation
Iranian and pro-Iranian threat actors have also launched a series of cyberattacks against US and Israeli targets. One group claimed to have targeted air defense systems belonging to an Israeli company, while another group claimed to have disrupted manufacturing and energy distribution systems in Israel.
Cybersecurity company Flashpoint reported that Iran is conducting a cyber campaign dubbed “The Great Epic,” which has targeted fuel infrastructure in Jordan and industrial control systems (ICS) in Israel. Other threat groups have focused on DDoS attacks and data-wiping operations against US and Israeli military logistics providers.
Expert Analysis
Adam Meyers, head of counter-adversary operations at CrowdStrike, stated that the company is seeing activity consistent with Iranian-aligned threat actors and hacktivist groups conducting reconnaissance and initiating DDoS attacks. “These behaviors often precede more aggressive operations,” Meyers noted.
Cynthia Kaiser, former Deputy Assistant Director at the FBI Cyber Division, warned that Iran has a long history of using cyber operations to retaliate against perceived political slights. “From disabling US financial websites to erasing data from the Las Vegas Sands Casino, Tehran’s cyber playbook has been aggressive and evolving,” Kaiser said.
Kaiser also noted that ransomware has become an increasingly important tool in Iran’s cyber arsenal, and that destructive tools could be used against US networks in the coming weeks.
Caution on Cyberattack Impact Claims
While the impact of the cyberattacks is still unclear, experts caution that Iranian hackers are known to exaggerate the impact of their operations. Both Israel and the US have highly developed offensive cyber tools, and reports detailing the impact of cyberattacks in periods of escalation can be prone to exaggeration.
However, the demonstrated ability of state-linked actors to conduct sophisticated cyber intrusions in parallel with kinetic operations underscores a genuine and evolving threat that demands continued vigilance and preparedness.
