
The Invisible U.S.-Iran Cyber War



 

14-07-20, 06:20 PM

June 4, 2020
By 2020, tensions between the United States and Iran increasingly played out in invisible cyberspace. Both governments acknowledged that cyberattacks were central to their strategies. The scope was unknown, but cyberspace had turned into a near-unrestricted war zone. Cyber offered an alternative to kinetic military action that could lead to full-scale war, which both Washington and Tehran sought to avoid.

Iranian hackers targeted U.S. citizens in the lead-up to the 2020 U.S. presidential election. In October 2019, Microsoft warned that an Iranian-government hacker group had tried to breach e-mail accounts associated with journalists, current and former U.S. government officials and a U.S. presidential campaign. And in June 2020, Google said that Iran tried and failed to breach e-mail accounts associated with President Donald Trump's reelection campaign.

U.S. cyberwarfare specialists training at the Warfield Air National Guard Base in Maryland
Sustained U.S. cyber activities against Iran are widely traced to a covert campaign code-named Operation Olympic Games. Started in 2006 under the Bush administration, the program targeted Iranian nuclear capabilities. President Obama expanded Olympic Games to include the use of offensive cyber weapons against Iran's nuclear enrichment facilities. In 2010, the Stuxnet virus, allegedly designed by the United States and Israel, seriously damaged the Natanz uranium enrichment facility.
In June 2019, the Trump administration retaliated against Iran's downing of a U.S. drone with a cyberattack on a Revolutionary Guard (IRGC) database used to plan attacks on tankers. The United States struck again in September 2019 after Iran allegedly launched drones and cruise missiles on two Saudi oil facilities. Iran, in turn, has ramped up its efforts to penetrate U.S. soft targets and email accounts.
Iranian cyberattacks against the United States date back to 2009, when the so-called Iranian Cyber Army defaced Twitter's homepage in response to the Green Revolution protests over alleged fraud in the reelection of President Mahmoud Ahmadinejad.
Screenshot of the Twitter homepage in December 2009

Iranian cyber activities against the U.S.

Since 2009, Iran's cyber capabilities have grown in sophistication and scope. Iran has primarily targeted the private sector rather than U.S. government systems. In September 2012, Iranian hackers directed a Distributed Denial of Service (DDoS) attack against U.S. banks. The campaign, nicknamed Operation Ababil, blocked access to the websites of major financial institutions by overwhelming their servers with web traffic. The attacks cost Western firms millions in lost business, according to a Department of Justice indictment.
Tehran appeared to accelerate its cyber operations against the United States government and its regional partners after the election of President Donald Trump. In August 2017, a cyberattack tied to Iran nearly triggered an explosion at a Saudi petrochemical plant. In December 2018, the Department of Justice indicted two Iranian hackers for a ransomware attack that had crippled Atlanta's city government in March of that year. The attack locked the files of 8,000 municipal employees and took local government operations offline for nearly a week.
These attacks have coincided with increased Iranian online espionage. In May 2018, cybersecurity firm CrowdStrike warned its clients about a notable increase in Iranian phishing activity a day after President Trump's withdrawal from the JCPOA nuclear deal. Before Israel's election in March 2019, Benny Gantz, leader of the Blue and White party, reportedly had his phone hacked by Iranian intelligence.
On January 4, 2020, the Department of Homeland Security (DHS) warned of a potential Iranian cyberattack in the aftermath of the death of Qods Force commander Qassem Soleimani. The agency said in a bulletin posted to its website that a retaliatory cyberattack by Iran or its proxies could come with little to no warning. Although DHS said it had no information indicating a specific, credible threat to the Homeland, Iran and Hezbollah had the intent and capability to conduct a cyberattack within the United States. Later that day, cyber vandals claiming affiliation with Iran defaced the website of the Federal Depository Library Program and threatened further attacks.
U.S. cyber activities against Iran

U.S. sailors at the Fleet Operations Center at U.S. Fleet Cyber Command

Since 2006, the United States has ramped up its cyber offensive operations against Iranian government computer systems. The most famous cyberattack was the unleashing of the Stuxnet virus on Natanz, which damaged nearly 1,000 centrifuges and infected 30,000 computers. Iran was forced to take tens of thousands of computers offline. Other cyberattacks, including the Flame and Wiper viruses, reportedly part of Operation Olympic Games, targeted Iran's oil infrastructure.
The Trump administration accelerated cyber operations in response to Iranian attacks in the Persian Gulf. In June 2019, the United States conducted a cyberattack on Iran after it downed a U.S. drone near the Strait of Hormuz. The attack wiped clean an IRGC database used to plan attacks against tankers in the Persian Gulf. Netblocks, a cyber monitoring firm, also reported widespread internet disruption in Iran after the drone attack.
In September 2019, the United States carried out a cyberattack against unspecified Iranian physical hardware equipment used to disseminate propaganda after Iran's attacks on two Saudi oil facilities. The unusual U.S. confirmation of its attacks in October suggested the goal was to deter Iran without resorting to kinetic strikes.


Known Iranian Hacker Groups

Izz ad-Din al-Qassam Cyber Fighters: This group claimed responsibility for the DDoS cyberattacks against U.S. financial institutions in September 2012. The same month, Sen. Joe Lieberman claimed that the group was connected to the IRGC's elite Qods Force.
APT33 (aka Elfin, Refined Kitten, Holmium): This group carried out cyber espionage operations against aviation, military, and energy targets in the United States, Saudi Arabia and South Korea. Cybersecurity firm FireEye linked APT33 to the Iranian government.
Phosphorous (aka APT35, Charming Kitten, Ajax Security): This group attempted to breach the e-mail accounts of the Trump re-election campaign in 2019, as well as accounts of U.S. government officials, journalists, and Iranians living outside Iran. Microsoft linked Phosphorous with the Iranian government.
OilRig: This group focused on private industry targets outside of Iran, most famously hacking Sheldon Adelson's Las Vegas Sands Corporation in February 2014. The group was, in turn, hacked by Turla, a Russian FSB-associated group. The Russians used the hijacked group to hack targets in the Middle East and the United Kingdom, according to U.S. and British officials in October 2019.
Iranian Dark Coders Team: This hacking collective primarily focused on cyber-vandalism. It defaced American and Israeli websites with pro-Hezbollah and pro-Iran propaganda in 2012. The group has not been tied to the Iranian government and may consist of freelancers or criminal elements.
Timeline of U.S.-Iran Cyberattacks

December 18, 2009: Twitter's homepage was hacked and defaced by a group claiming to be the Iranian Cyber Army in response to the Green Revolution protests.
July 2010: The Stuxnet virus was identified by a Belorussian computer security company. Subsequent technical analysis showed the malware was likely created to target Iranian industrial facilities.
September 25, 2010: Iran's Atomic Energy Organization said it was fighting malware that targeted its nuclear facilities. An Iranian official said 30,000 computers had been infected by Stuxnet.
April 25, 2011: Iran's cyber defense agency discovered a virus nicknamed Stars that was designed to infiltrate and damage its nuclear facilities.
April 23, 2012: Cyberattacks forced Iran to take several oil terminals offline. The virus, nicknamed Wiper, spread through the Iranian Oil Ministry and National Iranian Oil Company.
May 9, 2012: Iran acknowledged that a virus dubbed Flame had infected government computers and was capable of stealing data.
June 19, 2012: Western officials told The Washington Post that the U.S. and Israel had deployed the Flame virus to collect intelligence on Iranian computer networks in order to prepare for a cyberwarfare campaign.
July 2012: Iranian hackers targeted Israeli government officials with a cyber espionage tool nicknamed Madi. The malware logged keystrokes, recorded audio, and stole documents.
August 2012: The Shamoon virus erased three-quarters of all corporate computers owned by Saudi Aramco and replaced the data with an image of a burning American flag. U.S. officials blamed Iran for the cyberattack.
September 11, 2012: A group called the Izz ad-Din al-Qassam Cyber Fighters directed a DDoS attack against U.S. banking infrastructure in a cyber campaign named Operation Ababil.
October 12, 2012: A U.S. official blamed Iranian hackers with ties to the government for attacks against U.S. banks and Saudi oil facilities.
January 8, 2013: U.S. officials blamed Iran for the Operation Ababil banking cyberattacks.
September 27, 2013: Iranian hackers compromised unclassified U.S. Navy computers in the midst of talks over Iran's nuclear program.
February 2014: Iranian hackers targeted Sheldon Adelson's Las Vegas Sands Corp. The attack shut down communications systems and wiped hard drives clean.
November 2015: IRGC hackers targeted State Department and other Obama administration officials.
March 24, 2016: The Department of Justice indicted seven Iranian hackers for cyberattacks against U.S. banks and a New York dam. It claimed the hackers worked on behalf of the Iranian government and the IRGC.
November 11, 2016: The Shamoon virus resurfaced in Saudi Arabia, according to Symantec.
January 2017: An updated Shamoon virus targeted Saudi government computer systems at petrochemical plants.
August 2017: A failed cyberattack attempted to trigger an explosion at a Saudi petrochemical company.
March 22, 2018: A ransomware attack known as SamSam crippled Atlanta's city government.
May 9, 2018: Cybersecurity firm CrowdStrike warned about a notable increase in Iranian cyberactivity within 24 hours of the Trump administration's withdrawal from the JCPOA.
July 20, 2018: U.S. senior officials warned Iran had prepared for extensive cyberattacks against the United States and European infrastructure.
October 28, 2018: The head of Iran's civil defense agency claimed it had neutralized a new generation of Stuxnet attempting to enter the country's communications infrastructure. Iranian officials blamed Israel for the attack.
December 5, 2018: The Department of Justice indicted two Iranian nationals for the SamSam ransomware attack against the city of Atlanta.
January 2019: Cybersecurity firm FireEye detailed a two-year campaign by Iran to steal login credentials and business details in the Middle East, Europe and North America.
March 6, 2019: Microsoft said Iranian cyberattacks had targeted over 200 companies in the past two years.
April 2019: A hack against Iranian data centers left a U.S. flag on Iranian computer screens along with a message not to interfere with American elections.
June 17, 2019: Tehran claimed it dismantled a CIA-run cyber espionage network in Iran.
June 20, 2019: The United States conducted a cyberattack after Iran's attacks against oil tankers in the Strait of Hormuz and downing of a U.S. drone. U.S. officials later told The New York Times that the attacks wiped clean an IRGC database used to plan the tanker attacks.
June 22, 2019: The Department of Homeland Security said Iran had increased its malicious cyber activity against U.S. government agencies and private industry.
June 26, 2019: Netblocks reported widespread internet disruption in Iran.
July 17, 2019: Microsoft said nearly 10,000 customers were targeted by state-sponsored cyberattacks from Iran, Russia, and North Korea.
September 2019: The United States conducted a cyberattack against Iran in retaliation for a drone and missile attack against Saudi oil facilities. U.S. officials told Reuters the operation targeted physical hardware related to Iran's ability to disseminate propaganda.
October 4, 2019: Microsoft said that Iranian hacker group Phosphorous tried to breach accounts associated with U.S. presidential campaigns. The hackers failed to breach accounts connected with President Trump's re-election campaign as well as the accounts of journalists and U.S. officials.
October 22, 2019: Court documents revealed that the FBI tracked Iranian hackers who had breached American satellite technology companies.
February 8, 2020: Netblocks reported that national internet connectivity in Iran fell to 75 percent after Iran activated cyber countermeasures to a DDoS attack.
The head of Iran's civil defense organization blamed the United States for a DDoS cyberattack that led to hours of service disruption.
April 2020: Hackers linked to Iran reportedly conducted a phishing attack against top executives at Gilead Sciences Inc, a U.S. drugmaker. Cybersecurity researchers at Israeli cybersecurity firm ClearSky traced the web domain and servers employed in the attack back to Iran.
June 4, 2020: Google said that Iranian hackers with APT 35 conducted a phishing attack against President Trump's reelection campaign. The hackers failed to gain access to any staffer email accounts.
Andrew Hanna, a research assistant at the U.S. Institute of Peace, assembled this report.
Photo Credit: Air Force photo by J.M. Eddins Jr. via Department of Defense

Photo Credit: This Web Site Has Been Hacked By Iranian Cyber Army via Flickr (CC BY 2.0)

Photo Credit: U.S. Navy photo by Samuel Souvannason via

 

 


 








 