The US Sanctions Against Iranian Hackers Highlight Growing Concerns About the Islamic Republic’s Cyber Warriors

By Elliefrost @adikt_blog


A hallmark of the simmering tensions between the US, Israel and Iran is not only the tit-for-tat missile and drone strikes and assassinations, but also accusations of cyber warfare by Iran.

On April 23, the U.S. Treasury Department announced it would sanction two Iranian companies and four Iranian individuals for carrying out malicious cyberattacks against more than a dozen U.S. companies and government organizations. The Treasury Department alleged that these organizations and individuals conducted spearphishing, malware, and ransomware attacks, which they said aimed to destabilize key U.S. national infrastructure.

This followed an announcement in February that it was punishing a group of Iranian hackers linked to the country's military for what it described as "unscrupulous and dangerous" attacks on water and wastewater systems in the US.

Identifying the people behind these attacks can often be a challenge. But the US claims the hacks are being carried out by "front companies" and hackers operating for the Cyber Electronic Command (IRGC-CEC) of Iran's Islamic Revolutionary Guard Corps.

The main sanctioned company, Mehrsam Andisheh Saz Nik (MASN), is identified as regularly launching so-called Advanced Persistent Threat (APT) attacks.

APTs are long-term attacks on high-value targets such as large corporations and government organizations.

MASN was linked by cybersecurity giant Symantec (now Gen Digital Inc) in 2019 to a group called Tortoiseshell. Symantec said Tortoiseshell had been active in the Middle East since at least July 2018. It was related to cyber attacks against Saudi Arabian IT providers and Israeli shipping, logistics and financial services companies.

Much less is known about the actions of the second sanctioned company, Dadeh Afzar Arman. But information available online shows that it is a software and web development company based in Tehran.

In addition to the sanctions, the US government is offering a $10 million reward (£8 million) and a "plane ticket to somewhere new" for anyone with information about the hackers in question.

The recent announcement follows a broader pattern of the US naming and shaming cybercrime groups it has identified and linked to rogue activities.

By publicly naming these groups in this case, the US intends to inform the Iranian public that the IRGC-CEC is using these companies to launch illegal cyber attacks on international targets. But the U.S. government's efforts to deter state-backed hackers working for governments like Iran, China and Russia have yet to bear fruit.

To date, such suspects have never been arrested to stand trial in the US.

War in all but name

Washington and Tehran have been at odds since the 1979 revolution. The US imposed sanctions on the Islamic Republic when militant students overran the US embassy in the Iranian capital in November 1979, sparking the 400-day hostage crisis.

Since then, tensions between the two countries have persisted with varying levels of intensity. This is despite efforts by the Obama administration to move toward normalization, with the signing in 2015 of a deal under which Iran agreed to limit its nuclear program in exchange for easing sanctions.

Donald Trump withdrew the US from the agreement in 2018.

The first major cyber war between the two countries was in fact the Stuxnet "worm," a joint venture between the US and Israel. Stuxnet drove a wrecking ball through Iran's nuclear facilities in 2010. The virus manipulated control systems and caused centrifuges to overheat. This caused serious damage and set Iran's nuclear program back by years.

This incident marked the beginning of an ongoing conflict between the two countries. In 2016, the US Department of Justice indicted seven Iranian computer specialists. It accused the group of hacking dozens of US banks and trying to take control of a small dam in a New York suburb.

This was the first time the US publicly accused the Iranian Revolutionary Guard Corps (IRGC) of involvement in cyber attacks. But Iran is thought to have targeted US financial systems since 2011 with what the FBI called a "systematic campaign of distributed denial of service (DDoS) attacks."

After the US assassinated top Iranian general Qasem Soleimani in 2020, the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency issued an official directive, warning US companies to prepare for a possible wave of cyber attacks from Iran.

At the time, the threat was explained away. One expert wrote in the New York Times: "Tehran is a capable and prolific player in cyber warfare, but it has no proven ability to cause large-scale physical damage through cyber operations."

Growing threat

However, in recent years, Iran appears to have further developed its cyber capabilities. In 2023, the Office of the Director of National Intelligence stated in its annual threat assessment that: "Iran's growing expertise and willingness to conduct aggressive cyber operations make the country a major threat to the security of U.S. and allied networks and data."

Meanwhile, the National Cyber Power Index ranked Iran tenth among the 30 countries it surveyed in 2022 (up from 23rd in 2020). Furthermore, in a recently published peer-reviewed article that provides a new global benchmark for cybercrime, Iran ranks 11th in terms of the impact, professionalism and technical skills of cybercriminals operating in the country.

In the increasingly murky margins of a world where cybercriminals and governments can overlap, Iran's increasing sophistication in this area cannot be ignored.

This article is republished from The Conversation under a Creative Commons license. Read the original article.

Iain Reid receives funding from the University of Portsmouth. He is affiliated with the British Psychological Society. Vasileios Karaginnopoulos does not work for, consult with, own shares in, or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.