Iran could launch cyber attacks in response to renewed sanctions
President Trump's re-imposition of sanctions against Iran could lead the country to respond by launching cyber attacks on Western businesses within months, according to a new report.
Threat intelligence company Recorded Future has today released new research and analysis into the Iranian cyber threat.
Since at least 2009, Iran has regularly responded to sanctions or perceived provocations by conducting offensive cyber campaigns say the report's authors. "The Islamic Republic has historically preferred to use proxies or front organizations both in physical conflict -- Hezbollah against Israel and Yemen rebels against Saudi Arabia -- and cyberattacks to achieve its policy goals."
The report offers some interesting insights into how Iranian cyber operations work. They are administered using a tiered approach, where an ideologically and politically trusted group of middle managers translate intelligence priorities into segmented cyber tasks which are then put out for bids from multiple contractors. This creates a system that pits contractors against each other for influence with the Iranian government.
The report also notes an 'embedded paranoia', where ultimately no one can be trusted. The situation creates unique trade-offs in Iran's government-sanctioned offensive cyber campaigns. Individuals with demonstrated adherence to the government's ideology and individuals with the greatest offensive cyber skills are almost always mutually exclusive.
This trade off between ideology and skill is a problem for the regime. Attempts to build a cyber capability have focused on young hackers lured by financial benefits, but the report notes, "This motivation bred government mistrust, as the Islamic Republic feared that the financially motivated could be bought by foreign intelligence services. Additionally, many of the original Iranian hackers responsible for mass defacements hated authority and lacked the discipline necessary for government work."
As part of the research, interviews were conducted with a former Iranian hacker with first-hand knowledge of the information shared. Based on the source's conversations with other hackers in Iran, it's believed there are over 50 contractors vying for Iranian government-sponsored offensive cyber projects. Only the best individuals or teams succeed, are paid, and remain in business.
You can find out more about the report on the Recorded Future blog.