The U.S. military cyber forces launched a cyber strike against the Iranian military computer systems on Thursday. Iran pays heavy price for its recent terror activities.
Two officials told The Associated Press that the strikes were conducted with approval from Trump. A third official confirmed the broad outlines of the strike. All spoke on condition of anonymity because they were not authorized to speak publicly about the operation.
IRAN PAYS HEAVY PRICE
Apparently, the cyberattacks disabled Iranian computer systems that controlled its rocket and missile launchers. Official sources said the attacks, which specifically targeted the IRGC computer system, were provided as options. This came after Iranian forces blew up two oil tankers earlier this month.
Earlier this year, the Trump administration designated the IRGC as a foreign terrorist group. The IRGC is a branch of the Iranian military.
The action by U.S. Cyber Command was a demonstration of the U.S.’s increasingly mature cyber military capabilities and its more aggressive cyber strategy under the Trump administration. Over the last year U.S. officials have focused on persistently engaging with adversaries in cyberspace and undertaking more offensive operations.
There was no immediate reaction Sunday morning in Iran to the U.S. claims. Iran has hardened and disconnected much of its infrastructure from the internet after the Stuxnet computer virus. The U.S. and Israel cooperated on its creation to disrupt thousands of Iranian centrifuges in the late 2000s.
Tensions have escalated between the two countries ever since the U.S. withdrew last year from the 2015 nuclear deal with Iran. It replaced the loose Iran Deal with a “maximum pressure” policy intended to tame Iranian behavior. The U.S. has since hit Iran with multiple rounds of sanctions. Tensions spiked this past week after Iran shot down an unmanned U.S. drone.
The cyberattacks are the latest chapter in the U.S. and Iran’s ongoing cyber operations targeting the other. Yahoo News first reported the cyber strike.
IRAN ASKED FOR IT
In recent weeks, hackers believed to be working for the Iranian government have targeted U.S. government agencies, as well as sectors of the economy, including finance, oil and gas, sending waves of spear-phishing emails. Both CrowdStrike and FireEye, which regularly monitor cyber attacks, confirmed the Iranian cyberattacks. This new campaign appears to have started shortly after the Trump administration imposed sanctions on the Iranian petrochemical sector this month.
It was not known if any of the hackers managed to gain access to the targeted networks with the emails.
Tensions have run high between the two countries since the U.S. withdrew from the 2015 nuclear deal with Iran last year and began a policy of “maximum pressure.” After the Trump administration levied more sanctions, Iran shot down an unmanned U.S. drone this week.
John Hultquist, director of intelligence analysis at FireEye, said:
Both sides are desperate to know what the other side is thinking. You can absolutely expect the regime to be leveraging every tool they have available to reduce the uncertainty about what’s going to happen next, about what the U.S.’s next move will be.
CrowdStrike shared images of the spear-phishing emails with the AP.
DIRECT FROM THE IRANIAN PRESIDENT
One such email, which FireEye confirmed, appeared to come from the Executive Office of the President. It seemed to be trying to recruit people for an economic adviser position. Another email was more generic and appeared to include details on updating Microsoft Outlook’s global address book.
The Iranian actor involved in the cyberattack, dubbed “Refined Kitten” by CrowdStrike, has for years targeted the U.S. energy and defense sectors, as well as allies such as Saudi Arabia and the United Arab Emirates.
The Department of Homeland Security said in a statement released Saturday that its agency tasked with infrastructure security has been aware of a recent rise in malicious cyber activities directed at U.S. government agencies by Iranian regime actors and proxies.
Cybersecurity and Infrastructure Security Agency Director Christopher C. Krebs said the agency has been working with the intelligence community and cybersecurity partners to monitor Iranian cyber activity and ensure the U.S. and its allies are safe.
What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network.
The National Security Agency would not discuss Iranian cyber actions specifically, but said in a statement to the AP on Friday that “there have been serious issues with malicious Iranian cyber actions in the past.”
“In these times of heightened tensions, it is appropriate for everyone to be alert to signs of Iranian aggression in cyberspace and ensure appropriate defenses are in place,” the NSA said.
IT’S WAR WITH ONES AND ZEROS
Sergio Caltagirone, vice president of threat intelligence at Dragos Inc., said:
This is not a remote war (anymore). This is one where Iranians could quote unquote bring the war home to the United States.
Caltagirone said as nations increase their abilities to engage offensively in cyberspace, the ability of the United States to pick a fight internationally and have that fight stay out of the United States physically is increasingly reduced.
Iran has shown a willingness to conduct destructive campaigns. Iranian hackers in 2012 launched an attack against state-owned oil company Saudi Aramco. They released a virus that erased data on 30,000 computers and left an image of a burning American flag on screens.
In 2016, the U.S. indicted Iranian hackers for a series of punishing cyberattacks on U.S. banks, as well as on a small dam outside of New York City.
The Defense Department refused to comment on the latest Iranian activity.
Pentagon spokeswoman Heather Babb said in a statement:
As a matter of policy and for operational security, we do not discuss cyberspace operations, intelligence or planning.
The White House did not respond to a request for comment.
Despite the apparent cyber campaign, experts say the Iranians would not necessarily immediately exploit any access they gain into computer systems. Instead, they may seek to maintain future capabilities should their relationship with the U.S. further deteriorate.
“It’s important to remember that cyber is not some magic offensive nuke you can fly over and drop one day,” said Oren Falkowitz, a former National Security Agency analyst. It takes years of planning, he said, but as tensions increase, “cyber impact is going to be one of the tools they use and one of the hardest things to defend against.”