Following military strikes conducted by Israeli and American forces on Iranian nuclear targets, concerns have heightened regarding the potential for disruptive cyberattacks orchestrated by Iranian hackers.
However, as a fragile ceasefire remains in place, cybersecurity experts from both the United States and Israel have reported minimal unusual activity, indicating that the perceived threat from Iran’s cyber capabilities may have been overstated.
Most notably, there has not been a significant emergence of the kind of destructive cyberattacks that have previously characterized Iran’s digital operations, such as the 2012 sabotage of Saudi Aramco’s computers or past incursions into U.S. casinos and water management systems.
Nicole Fishbein, a senior security researcher at the Israeli cybersecurity company Intezer, remarked, “The volume of attacks appears to be relatively low. The techniques used are not particularly sophisticated.”
In the aftermath of the airstrikes, online activist groups, purportedly operating under Iran’s direction, claimed to have conducted a series of hacks targeting Israeli and Western companies.
One group, known as Handala Hack, announced several data thefts and cyber incursions, yet Reuters was unable to verify these latest claims.
Security analysts suggest that Handala Hack emerged in connection with the Hamas attack on Israel on October 7, 2023, and is believed to operate from the Iranian Ministry of Intelligence.
Rafe Pilling, lead threat intelligence researcher at Sophos, a British cybersecurity firm, said that the apparent impact of the hacking activities has been modest.
“As far as we can tell, it’s the usual mix of ineffectual chaos from genuine hacktivist groups, along with targeted attacks attributed to Iran-linked individuals. These activities likely have some success but tend to exaggerate their actual impact,” he noted.
Iran’s mission to the United Nations in New York did not respond to inquiries regarding these hacking allegations.
Typically, Iran denies any involvement in hacking campaigns.
In recent activities tied to Iran’s Revolutionary Guards, Check Point Software, an Israeli firm, reported that phishing messages have been sent to Israeli journalists and academic officials, among others.
In one reported incident, hackers attempted to entice a target into a physical meeting in Tel Aviv, although the intentions behind this invitation remain unclear, as noted by Sergey Shykevich, Check Point’s threat intelligence manager.
He further indicated that there have been attempts to destroy data at certain Israeli targets, details of which he refrained from sharing. Notably, there has also been a sharp uptick in efforts to exploit a vulnerability in Chinese-made security cameras, presumably to assess bomb damage in Israel.
This situation presents an asymmetry between pro-Iranian cyber operations and those purportedly linked to Israel in light of the ongoing aerial conflict that started on June 13.
Suspected Israeli cyber operatives have claimed to have compromised data at a state-owned Iranian bank and to have destroyed approximately $90 million in cryptocurrencies tied to Iranian government security services.
The Israeli National Cyber Directorate did not respond to requests for comment on these allegations.
Cybersecurity analysts emphasize that the dynamic landscape suggests more sophisticated espionage activities could be occurring under the radar.
Both Israeli and U.S. officials have called for vigilance in the private sector, with a bulletin issued by the Department of Homeland Security on June 22 warning of a heightened threat environment in the U.S. due to potential Iranian cyber attacks.
The FBI, however, declined to comment on any Iranian cyber activities within the United States.
Yelisey Bohuslavskiy, co-founder of intelligence firm Red Sense, likened Iran’s cyber operations to its missile program.
While Iranian missiles have caused significant destruction, the majority have been intercepted, resulting in very limited damage to the Israeli military.
Bohuslavskiy articulated a parallel in the cyber realm: “There is a lot of hot air, there is a lot of indiscriminate civilian targeting, and — realistically — there are not that many results.”