November 2, 2023 | Flash Brief
FBI Director Warns of Increased Risk of Iranian Cyberattacks
Latest Developments
FBI Director Christopher Wray said on October 31 that Iran is likely to pose an increased cyber threat to U.S. critical infrastructure as the war between Israel and Hamas continues. Wray’s assertion, delivered in testimony before the Senate Homeland and Government Affairs Committee, reflects the finding of the intelligence community’s Annual Threat Assessment that Iran poses a “major threat to the security of U.S. and allied networks and data.” As Hezbollah launches missiles over Israel’s northern border and other Iranian proxies conduct dozens of attacks against U.S. forces in the region, Wray warned that if the conflict further expands, “the cyber targeting of American interests and critical infrastructure that we already see conducted by Iran and nonstate actors alike … [will] get worse.”
Expert Analysis
“Time and again Iran has proven itself to be a formidable adversary in cyberspace, quickly weaponizing known vulnerabilities to compromise unpatched networks. And its hackers are rapidly improving their tradecraft and increasing the sophistication of their campaigns. While Iran might view U.S. businesses as a soft underbelly, Iran would do well to remember that America has robust law enforcement, intelligence, and offensive capabilities to punish those who target U.S. critical infrastructure.” — Annie Fixler, Director of FDD’s Center on Cyber and Technology Innovation
“Just as Iran is utilizing proxies around the region to attack American forces, Iran may try to maintain plausible deniability in cyberspace by obfuscating the regime’s involvement, using Hezbollah operatives, or attempting to conduct false flag operations. The U.S. government should maintain no illusion that if an Iranian proxy conducts a cyber operation, the orders and capabilities came straight from Tehran.” — RADM (Ret.) Mark Montgomery, Senior Director of FDD’s Center on Cyber and Technology Innovation and FDD Senior Fellow
“Iranian escalation, be it direct or via proxy, is more often than not a multi-domain phenomenon. Just as Iran might feel comfortable using proxies to launch attacks on U.S. forces in the heartland of the Middle East or engage in and support acts of terrorism on U.S. soil, so too might Tehran’s theocrats and their armed allies be tempted to target American critical infrastructure using cyber means to raise the costs of continuing to stand by Israel.” — Behnam Ben Taleblu, FDD Senior Fellow
Iran Targets America in Cyberspace
Since major Iranian attacks on U.S. banks a decade ago, the Islamist regime has repeatedly loosed its cyber operators against American interests. Iranian hackers stole terabytes of information worth billions of dollars from more than 100 American universities between 2013 and 2019. The regime in Tehran conducted a multifaceted cyber and disinformation effort to interfere with the 2020 U.S. presidential elections, the Department of Justice announced in November 2021.
Iranian government-sponsored hackers target U.S. and allied critical infrastructure, including healthcare companies. In fact, the FBI thwarted an attempted Iranian attack on Boston Children’s Hospital, Wray revealed last year, calling it “one of the most despicable cyberattacks I’ve seen.” The Justice Department subsequently indicted Iranian hackers for attempted ransomware and extortion targeting hundreds of small businesses, nonprofits, and critical infrastructure companies. Today, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency confirmed to Politico that the agency is updating its public guidance based on emerging threats from Iran.
Iran Provides Cyber Assistance to Hamas
Meanwhile, a new report from cyber threat intelligence company Recorded Future provides insights into the cyber assistance that Iran’s Islamic Revolutionary Guard Corps provides to Hamas. As a result of Hamas’s poor operational security, the company identified network infrastructure linking a Hamas-run news app to Iran as well as to known Hamas hackers. Researchers with Recorded Future told the press that Hamas’s ability to keep the app operational despite internet outages in Gaza and ongoing battles further indicates that “whoever was responsible for running these assets was potentially doing so from outside the territories.”
Related Analysis
“The Dangers of Iran’s Cyber Ambitions,” by Annie Fixler
“Washington Provides Cyber Support to Israel,” FDD Flash Brief
“There is still time for Biden to deter Iran and support Israel,” by Anthony Ruggiero