By AJ Vicens, Raphael Satter and Michelle Nichols
June 27 (Reuters)
Hackers in Iran are skilled at their craft, having taken the time to improve their skills over the years. As a “testament” to their skills, one could consider the fact that they were able to probe some critical infrastructure within the US. A series of attacks also targeted the Trump campaign, various journalists and some Iranians living abroad.
Understanding Iran from a different level
After Israeli and American forces struck Iranian nuclear targets, officials in both countries sounded the alarm over potentially disruptive cyberattacks carried out by the Islamic Republic’s hackers. But as a fragile ceasefire holds, cyber defenders in the United States and Israel say they have so far seen little out of the ordinary, a potential sign that the threat from Iran’s cyber capabilities, like its battered military, has been overestimated.
There has been no indication of the disruptive cyberattacks often invoked during discussions of Iran’s digital capabilities, such as its alleged sabotage of tens of thousands of computers at major oil company Saudi Aramco in 2012, or subsequent break-ins at U.S. casinos or water facilities. During the Saudi Aramco incident, a malware attack partially wiped or totally destroyed the hard drives of various Aramco computers, 35,000 to be exact.
When hackers wreak significant havoc
Nicole Fishbein, a senior security researcher with the Israeli company Intezer, said:
“The volume of attacks appears to be relatively low.”
“The techniques used are not particularly sophisticated.”
Intezer is a company that uses AI to triage, investigate and respond to various security alerts on a 24/7 basis. It allows for integration with security tools and is able to provide relevant reports, recommendations, etc.
A group calling itself Handala Hack claimed a string of data heists and intrusions, but Reuters was not able to corroborate its most recent hacking claims. Researchers say the group, which emerged in the wake of Palestinian militant group Hamas’ October 7, 2023, attack on Israel, likely operates out of Iran’s Ministry of Intelligence. Rafe Pilling, lead threat intelligence researcher at British cybersecurity company Sophos, said the impact from the hacking activity appeared to be modest.
The Western take on the issue at hand
Israeli firm Check Point Software said a hacking campaign it ties to Iran’s Revolutionary Guards has in recent days sent phishing messages to Israeli journalists, academic officials and others. In one case, the hackers tried to lure a target to a physical meeting in Tel Aviv, according to Sergey Shykevich, Check Point’s threat intelligence group manager. He added that the reasoning behind the proposed meeting was not clear.
The pro-Iranian cyber operations demonstrate an asymmetry with pro-Israeli cyber operations tied to the aerial war that began on June 13. In the days since the start of the conflict, suspected Israeli hackers have claimed to have destroyed data at one of Iran’s major state-owned banks. They also burned roughly $90 million in cryptocurrencies that the hackers allege were tied to government security services. Analysts said the situation is fluid and that more sophisticated cyber espionage activity may be flying under the radar.
Both Israeli and U.S. officials have urged industry to be on the lookout. A June 22 Department of Homeland Security bulletin warned that the ongoing conflict was causing a heightened threat environment in the U.S. and that cyber actors affiliated with the Iranian government may conduct attacks against U.S. networks. Cyberattacks in themselves can cause serious problems. Not only are reputational damage and financial losses at stake, but operational disruptions can also be the order of the day. Legal consequences can also flow from such actions, not only for individuals but also for an organization as a whole.