US Scanning Cyberspace for Signs of Iranian Aggression

U.S. government officials are watching and waiting, with many believing it is only a matter of time before Iran lashes out in cyberspace for the U.S. drone strike that killed Quds Force commander Qassem Soleimani last week.According to the latest advisory from the Department of Homeland Security, there are still “no specific, credible threats” to the United States. But officials say Iran’s public assurances that it is done retaliating mean little.“Iran has been one of the most malicious actors out there,” a senior State Department official said Thursday. “We’re very concerned about Iran’s capabilities and activities.”U.S. government officials have been hesitant to comment in any detail on what Iranian cyber actors have been up to in recent days, though they note Iran’s capabilities are on par with Russia, China and North Korea when it comes to using cyber to target industrial control systems or physical infrastructure.“DHS [Department of Homeland Security] is operating under an enhanced posture to improve coordination and situational awareness should any specific threats emerge,” a department spokesperson told VOA.The spokesperson added DHS is coordinating with U.S. intelligence agencies, key private sector companies and organizations, and is ready to “implement enhanced security measures, as needed.”Iranian Cyber ActivityBracing for a ‘significant’ attackIntelligence officials say much of Iran’s cyber activity is driven by the Islamic Revolutionary Guard Corps (IRGC), sometimes using front companies or sometimes carrying out cyberattacks themselves.Past Iranian cyberattacks have ranged from distributed denial of service attacks (DDoS), which block access to websites by overwhelming the server hosting the site with internet traffic, to efforts to deface websites or attempts to steal personal data.An alert this week from the FILE – The Twitter and Facebook logos, Nov. 26, 2019.Ramping up disinformation campaignsAnd once the U.S. airstrike took out Soleimani, the Iranian disinformation machinery went into action.“As that news came out, we saw them ramp their program and start pushing that stuff out,” Hultquist said.The disinformation from Iran’s proxy forces in the Middle East further increased Tuesday during Iran’s retaliatory missile strike on Iraqi bases hosting U.S. and coalition forces — “in terms of reports coming in about certain hits that happened and numbers of casualties from the Iranian response,” said Phillip Smyth, an analyst with the Washington Institute for Near East Policy who has been tracking social media activity by the Iranian-backed militias.But Iran-linked cyber actors have also eyed more ambitious campaigns.In October 2018, for example, Facebook and Instagram removed 82 accounts, pages and groups from their platforms.The posts, Facebook said, focused on “politically charged topics such as race relations, opposition to the [U.S.] president and immigration.”Facebook Removes 82 Iranian-Linked Accounts

        Facebook announced Friday that it has removed 82 accounts, pages or groups from its site and Instagram that originated in Iran, with some of the account owners posing as residents of the United States or Britain and tweeting about liberal politics.At least one of the Facebook pages had more than one million followers, the firm said. The company said it did not know if the coordinated behavior was tied to the Iranian government. 

Analysts said while those Iranian disinformation efforts paled in comparison to the campaign run by Russia in the run-up to the 2016 U.S. presidential elections, the effort showed signs of increasing sophistication, which has continued to this day.Some former U.S. officials and analysts also suspect Iran may be targeting news outlets.The Kuwaiti government Wednesday said the Kuwait News Agency’s Twitter account was hacked after it posted false reports that the U.S. was withdrawing all troops based in the country.Separately, hackers claiming to be working on behalf of Iran defaced the website of the U.S. Federal Depository Library Program.Despite suspicions and concerns, though, officials have yet to definitely attribute either attack to Iran. And there is a risk that such attacks are actually the work of other cyber actors.For example, former officials said there have been instances in the past where Russian cyber operatives hijacked Iranian infrastructure or malware to launch intrusions of their own.Targeting AmericansIran, though, has other tools it can use to strike the U.S. and the West. “Iranian cyber actors are targeting U.S. government officials, government organizations and companies to gain intelligence and position themselves for future cyber operations,” U.S. intelligence agencies warned in their most recent threat assessment.Iran’s Cyber Spies Looking to Get Personal

        Iran appears to be broadening its presence in cyberspace, stealing information that would allow its cyber spies to monitor and track key political and business officials, including some in the United States.A new, U.S. intelligence report released Tuesday warned Iranian cyber actors "are targeting U.S. Government officials, government organizations, and companies to gain intelligence and position themselves for future cyber operations."The latest Worldwide Threat Assessment also said Tehran has been…

The U.S.-based cybersecurity firms FireEye and Symantec have said their research shows Iranian-linked cyber actors have paid particular attention to telecommunications and travel companies, mining them for personal data that could prove useful in such cyber campaigns.Not everyone, however, is convinced Iran is positioned to launch a major cyber offensive.“A lot of the doom and gloom headlines that are out there right now, I think, are overblowing or overhyping the immediate cyberthreat coming from Iran,” Hoover Institution Fellow Jacquelyn Schneider said.“The reality is that Iranians have been conducting these cyberattacks over the last year, if not longer,” she said, adding that while there may well be an uptick in attacks, “they’ve been trying this entire time.”Still, a former U.S. National Security Agency threat manager cautions even a small cyberattack can inadvertently do widespread damage.“There’s always the potential that an attack or an intrusion, which is physically or strategically designed to only impact a certain geography or certain network, creeps to other parts of the network,” said Priscilla Moriuchi, now head of nation-state research at the cybersecurity firm Recorded Future.




leave a reply