Iran is poised to respond to recent air strikes by the US and Israel through a series of cyber-attacks targeting various entities across the Middle East and beyond. This warning was issued by John Hultquist, the chief analyst of Google Threat Intelligence Group (GTIG), during an event organized by the Royal United Services Institute (RUSI) in London.
Initially, the event aimed to explore the threat of Russian cyber sabotage in Europe. However, the escalating conflict in the Middle East shifted much of the conversation towards Iran and its cyber capabilities.
Iran has long been recognized as a formidable player in cyberspace, having engaged in numerous cyber espionage and malicious hacking campaigns against Western nations.
Since the onset of the conflict, Iran has launched missile strikes against several neighboring countries, including members of the Gulf Cooperation Council (GCC) such as Qatar, Bahrain, Jordan, the United Arab Emirates, and Kuwait, all of which host US military bases.
Hultquist believes these nations are likely to become targets of Iran's aggressive cyber operations. He stated, “You’re not going to see some secret weapon; it won’t be very different from what we’ve seen going on for the last few years. What changes is the targeting.”
He elaborated that while previous attacks focused on Israel, a nation with advanced security measures, the current situation opens up a wider range of targets that may lack similar defenses. This shift will require a reassessment of global cybersecurity strategies.
Hacktivism and Ransomware: Tools for State-Sponsored Cyber Operations
In an interview, Hultquist noted the blurred lines between the Iranian government and various cybercriminal and hacktivist groups. He remarked, “They’re really good at playing in this foggy space.”
Hackers linked to the Iranian government have previously been accused of collaborating with ransomware groups to orchestrate attacks against US organizations.
Hultquist anticipates that Iran will continue to utilize these indirect methods in its cyber campaigns against perceived adversaries, particularly those with weaker cyber defenses compared to Israel or the US.
He expressed concern over the potential for attacks carried out by fronts masquerading as hacktivist groups, which may actually be affiliated with the Iranian Revolutionary Guard Corps (IRGC). “I’m expecting attacks by hacktivist fronts that aren’t truly hacktivist fronts,” he stated. He also mentioned that some of these operations could be passed off as conventional ransomware attacks.
“I’m expecting them in the US, GCC, and anyone else who’s drawn Iran’s ire right now. Suddenly, they have a massive attack surface to choose from, so they’re going to carry out those attacks,” Hultquist added.
In light of the escalating conflict, the National Cyber Security Centre (NCSC) has urged organizations to reassess their cybersecurity measures, particularly those operating in the Middle East.
The NCSC warned, “There is almost certainly a heightened risk of indirect cyber threat for those organizations and entities who have a presence, or supply chains, in the Middle East.”