The actions of Iranian hackers could have come straight out of a Soviet intelligence handbook. Allegedly, a cyber unit from Tehran managed to hack the account of a senior official in the Trump campaign in the U.S. in June. They reportedly gained access to internal documents of the Republican Party. Later, an anonymous source contacted U.S. media and offered journalists internal information from the Republican campaign. Among the documents was a dossier on the vice-presidential candidate Vance, which was confidential but not highly sensitive. The incident became public in August. In previous U.S. elections, Russia conducted similar covert operations to influence public opinion. In 2016, the Democrats and their candidate, Hillary Clinton, were the targets of a hack-and-leak operation. Attackers, acting on behalf of the Kremlin, also stole internal information during a cyberattack, which they subsequently published.
Now, Iran is in the public spotlight. This may come as a surprise, but the country has developed its cyber capabilities significantly over the past ten years. Tehran does not shy away from using cyberattacks as a means of asymmetric warfare, even against Israel or the U.S. Today, Iran ranks alongside Russia, China, and North Korea as one of the states that most frequently conduct cyberattacks against Western targets. This development is due to geopolitical factors and a spectacular cyber operation by Israel and the U.S.
In 2010, a highly sophisticated cyber operation against Iran was exposed. Israel and the U.S. managed to sabotage Iran’s nuclear program with malware called Stuxnet. The malware damaged centrifuges at the Natanz nuclear facility, slowing down uranium enrichment. The attack went unnoticed for three years. The Stuxnet incident prompted Tehran to expand its cyber capabilities. This expansion included not only measures to protect against cyberattacks but also the establishment of units capable of launching attacks—whether for domestic surveillance or for espionage and sabotage abroad. Tehran quickly began using cyberattacks in regional power struggles, for example, to sabotage the oil and gas industry of its rival, Saudi Arabia. A cyberattack in 2012 allegedly caused damage worth tens of millions of dollars to Saudi Aramco.
In its conflict with Israel, Iran uses cyber means to wage a shadow war. Various groups—from state units to so-called “patriotic hackers” to organizations with unclear connections to the regime—carry out attacks. They spy on Israeli authorities and companies, steal personal information and publish it, or attempt to temporarily disable online services. Semi-state groups often opportunistically choose their targets, infiltrating IT systems that are vulnerable due to security flaws. The attacks are often exaggerated or misrepresented to cause public insecurity and score propaganda victories.
Israel, in turn, also uses cyberattacks. Most of these actions are never made public, as both the attackers and the victims remain silent about them. However, there are instances where the logic of strike and counterstrike can be observed in cyberspace, similar to rocket attacks or the assassinations of key officials. Iran was reportedly behind a foiled cyberattack on water supplies in two Israeli districts in 2020. Shortly afterward, Israel retaliated by disrupting the flow of goods in an Iranian port through a cyberattack, as a form of deterrence.
Cyberattacks are also a tool used against the U.S. Tehran can use them to strike at its technologically superior adversary without risking major military escalation. Iranian cyberattacks align with diplomatic developments. After the signing of the nuclear agreement in 2015, which led to the easing of international sanctions on Iran, attacks decreased. However, after the U.S., under President Donald Trump, withdrew from the agreement in 2018, Iran increasingly resorted to cyberattacks. Therefore, Iran’s interference in the U.S. election now comes as no surprise. Four years ago, Iran had already carried out covert operations aimed at undermining the credibility of election results.
The war in Ukraine has strengthened the Tehran-Moscow axis in recent months. Iran provides Russia with important drone technology, which compels the Kremlin to offer something in return. According to a report by the Wall Street Journal last year, this includes technology in the electronic domain. This cooperation—like previous ones—reportedly involves tools for cyber defense and surveillance of mobile phones and telecommunications. Whether Russia has provided advanced tools for cyberattacks is unclear. While Iran may not be technologically on par with cyber powers like the U.S., Israel, or Russia, it has nonetheless become a threat to Western states. What is particularly noteworthy is the recklessness with which Tehran is willing to use cyberattacks. This was especially evident in the case of Albania. Two years ago, Iran attacked the administration of the Balkan state. As a result, the government’s online services were disrupted, and administrative data was destroyed.
Albania is a member of NATO. A serious cyberattack on critical infrastructure of a member state could trigger the clause for collective defense. Albania, however, refrained from invoking this clause. Instead, it severed diplomatic relations with Iran. The massive Iranian cyberattack was likely in response to a planned congress of the People’s Mujahedin, a militant Iranian opposition group. Around 3,000 members of this group have enjoyed asylum in Albania for several years, which has angered the regime in Tehran.
Iran is evidently not deterred from using its cyber capabilities against opposition groups abroad. As a result, European states could also become targets of the regime. Iran, a regional power, has thus evolved into a global threat in cyberspace.
All publishing rights and copyrights reserved to MENA Research Center.