After Israeli and US forces attacked Iran’s nuclear targets, officials from both countries warned of potentially destructive cyberattacks by hackers in the Islamic Republic.
But as a fragile ceasefire holds, US and Israeli cyber defenders say they have seen hardly anything unusual so far, a potential indication that the threat from Iran’s cyber capabilities, like its battered military, may be overestimated.
There were no indications of the destructive cyberattacks often invoked in discussions of Iran’s digital capabilities, such as the 2012 attack that allegedly wiped out tens of thousands of computers at major oil company Saudi Aramco, or the intrusions at US casinos or water facilities.
“The amount of attacks appears to be relatively low,” said Nicole Fishbein, a senior security researcher at Israeli company Intezer. “The technology used is not particularly sophisticated.”
An online vigilante group, alleged by security analysts to be acting at Iran’s direction, boasted of hacking a range of Israeli and Western companies in the wake of the air strikes.
A group called Handala Hack claimed a series of data thefts and break-ins, but Reuters could not corroborate the latest hacking claims. Researchers say the group, which emerged in the wake of the October 7, 2023, attack by Palestinian extremist group Hamas, likely came from Iran’s Intelligence Ministry.
Rafe Pilling, a leading threat intelligence researcher at British cybersecurity company Sophos, said the impact from hacking activities was modest.
“As far as we know, it is a normal mix of inefficient chaos from a real group of hacktivists and targeted attacks from Iran-linked personas that are perhaps not only having some success but also exaggerating their impact,” he said.
Iran’s mission to the United Nations in New York did not respond to a request for comment. Iran has generally denied carrying out hacking campaigns.
Israeli company Check Point Software said a hacking campaign that it ties to Iran’s Revolutionary Guards recently sent phishing messages to Israeli journalists, academic staff and others.
In one case, the hackers tried to lure a target to a physical meeting in Tel Aviv, according to Sergey Shykevich, Check Point’s threat intelligence group manager. He added that the reason behind the proposed meeting was not clear.
Shykevich said there have been several attempts to destroy data at Israeli targets, which he declined to identify, as well as a dramatic increase in attempts to take advantage of vulnerabilities in Chinese-made security cameras, likely to assess bomb damage in Israel.
Iranian cyber operations show an asymmetry with the pro-Israel cyber operations tied to the air war that began on June 13.
In the days after the conflict began, alleged Israeli hackers allegedly destroyed data at one of Iran’s leading state banks. They also burned about $90 million in cryptocurrency that the hackers claim is linked to government security services.
Israel’s National Cyber Bureau did not reply to a message seeking comment.
Analysts said the situation is fluid and that more sophisticated cyber espionage could be flying under the radar.
Israeli and US authorities are urging industry to stay on the lookout. A June 22 Homeland Security bulletin warned that the ongoing conflict could cause a heightened threat environment in the United States, and that cyber actors affiliated with the Iranian government could launch attacks on US networks.
The FBI declined to comment on the possibility of Iran’s cyber activity in the United States.
Yelisey Bohuslavskiy, co-founder of intelligence reporting company Red Sense, compared Iran’s cyber operations to its missile program. Iranian weapons that rained down on Israel during the conflict killed 28 people and destroyed thousands of homes, but most were intercepted and none significantly damaged the Israeli army.
Bohuslavskiy said Iran’s hacking operations appear to work similarly.
“There’s a lot of excitement, there’s a lot of indiscriminate civilian targets, and realistically, there aren’t that many outcomes,” he said.
