Iran’s cyber forces have many ways to attack US, experts warn
U.S. officials and private experts are warning that Iran may retaliate against the United States for bombing its nuclear facilities with any of a wide range of cyberattacks that could cause lasting damage or significant psychological impact.
There were no reports of suspected Iranian cyberattacks against U.S. assets Monday, and the FBI declined to say whether it had seen activity below the surface. Most experts expect Iran to pursue cyber actions calibrated to not elicit a forceful American response.
In the 15 years since the U.S. and Israel attacked Iran with the early cyberweapon known as Stuxnet, a computer worm that infiltrated computers in Iran’s nuclear enrichment program and damaged critical centrifuges, Iran has devoted itself to building its own capabilities to a point well beyond those of other countries its size.
It has unleashed its most destructive software on such varied targets as the rival state-owned oil giant Saudi Aramco, where it knocked out 30,000 computers in 2012 and halved its oil production, and the Sands casino business two years later, when it was controlled by American Sheldon Adelson, a zealous advocate for Israel.
Iran-linked groups have more recently focused on disrupting Israeli targets. It has claimed responsibility for hacking the country’s missile alert systems and for leaking a think tank’s documents to the public since the current round of violence began two weeks ago. Since this weekend’s U.S. raids, pro-Iran accounts on Telegram and X have threatened retaliation against American targets as well.
While destructive attacks could be launched against critical industries including energy and water utilities, federal officials and others tracking Iran said it was more likely that self-proclaimed activist groups would deface U.S. websites or temporarily knock them offline with denial-of-service attacks, which are easy to execute and merely interrupt business.
“Low-level cyberattacks against U.S. networks by pro-Iranian hacktivists are likely, and cyber actors affiliated with the Iranian government may conduct attacks against U.S. networks,” the Department of Homeland Security warned Sunday.
The hacktivist approach may appeal because they are carried out by seemingly independent groups, providing Tehran with a degree of plausible deniability. The Iranian government has proved adept at exploiting such strikes by portraying them as more debilitating than they are, said John Hultquist, chief analyst at Google Threat Intelligence.
“They are really clever when it comes to this,” Hultquist said. “If you get the right misleading evidence and get someone moving fast enough, you might get that reported as much more significant than it was. One powerful headline might be enough to take back to their domestic audience” as proof of a strong response.
As a matter of self-preservation, Iran would also look to cyber means in the same way that it fired missiles at the U.S. presence in Qatar Monday — more as a show of commitment than an escalation.
“Iran doesn’t have the military force projection to deliver ordnance to the U.S.,” said Adam Meyers, senior vice president at security firm CrowdStrike. “Cyber is kind of the one thing to conduct operations on the U.S. homeland and potentially not trigger a redline response.”
Iran was active in hacking 2024 presidential campaigns in an effort to influence the media and voters, and it increased spying after was broke out in Gaza two years ago.
Dire warnings of an Iranian response also were issued five years ago, after the U.S. killed a top Iranian general. In that case, little visible cyberattacks materialized.
But it later emerged that Iran had used its considerable espionage ability to track U.S. targets that were marked for assassination in plots that were thwarted. Those targeted included John Bolton, a main architect of President Donald Trump’s “maximum pressure” campaign against Iran during his first term in office.
If that is any blueprint, the U.S. might not know how Iranian hackers are responding to the bombing until such an assassination plot is either uncovered or carried out, perhaps by someone claiming to be a lone wolf.