March 8, 2024 | New York Post

Iran has upped its cyberattacks: It’s time for Biden to strike back

Iran has dramatically stepped up its cyberattacks against the United States since Oct. 7, prompting little to no response from the White House.

Like the rockets, drones and anti-ship missiles from Tehran’s proxies, Iranian cyberattacks will only grow worse until President Biden restores deterrence.

To do that, he must go on cyber offense.

After Hamas’ brutal Oct. 7 massacre, Iranian hackers stepped up their attacks on the Jewish state, quickly refining their methods to intimidate Israelis, create confusion and undermine international support for Israel.

Iranian hacking groups are increasingly specializing in particular components of a cyber operation — reconnaissance on the targets, gaining access to a victim’s network, launching malware or conducting psychological operations.

That division of labor makes these groups more potent and difficult to track and counter.

Iran is also openly cooperating with Hamas and Hezbollah in cyberspace.

Hackers connected with Iran’s Ministry of Intelligence are sharing cyberattack network infrastructure and tools with Hezbollah.

And while cybersecurity firms speculated in October that Hamas might be receiving limited cyber support from Iran, Microsoft said in a report last month that support is now “surging.”

In one instance, Iranian hackers posed as Hamas’ al-Qassam Brigades to threaten Israelis on social media.

In another, Iranian hackers texted and emailed Israelis claiming that Hamas had launched a cyberattack on the Dimona nuclear facility.

Elsewhere, hackers have also increasingly turned to hacking mobile phones to gather valuable intelligence, Google’s Threat Analysis Group concluded.

The cooperation between Iran and its proxies is “not unprecedented,” but, as Microsoft warns, leveraging native Arabic speakers from Hezbollah and Hamas will make Iran’s malicious, cyber-enabled influence operations more effective.

Cyberattacks on Israel are a precursor to the next phase of the cyber conflict, as Iran expands cyberattacks against the United States.

Iranian hackers made big news when they compromised the industrial computers of more than a dozen small water utilities across America last November.

Microsoft warned that these attacks were a “ploy to test Washington.”

The White House failed the test.

Last month, the Treasury Department imposed financial sanctions on six individuals in Iran’s Islamic Revolutionary Guard Corps responsible for the hacks, banning their use of the US banking system.

But the odds any of them have funds here are slim to none.

The naming-and-shaming exercise may cause the sanctioned groups to disband or re-brand to manage public relations, as Recorded Future concluded in its report on the organization and affiliation of these groups.

But economic sanctions and federal criminal indictments have done little to deter the Iranian regime from executing more cyberattacks.

The White House might think that because the attack on water utilities had no operational impact, sanctions were enough.

Yet the FBI warned that the attack could have had “profound cyber-physical effects.”

Until now, Washington has proceeded cautiously in the face of Iranian provocations, fearful of escalation and wider war.

But pinprick responses don’t deter Iranian aggression.

US retaliatory strikes on the Houthis in Yemen and other Iranian proxies have not halted the attacks against US forces in the region.

One cyberattack we waged recently against a single Iranian ship failed to stop Iran’s collection of intelligence about cargo traffic in the Gulf of Aden for the Houthis.

The White House might be able to maintain the fiction in the Red Sea and eastern Syria that the attacks are just Iranian proxies, not Tehran itself.

In cyberspace, however, there is no denying what Iran is doing: The regime in Iran itself is engaging in increasingly sophisticated attacks.

Instead of just relying on financial sanctions, the United States should remove Iran’s ability to launch attacks against Americans.

Washington should conduct offensive cyber operations — “forward defense” — to hunt down and dismantle every piece of network infrastructure Iranian hackers use.

The White House should then quietly reveal to Tehran just how deeply US operatives have prepositioned cyber assets inside Iranian networks, including a targeted critical infrastructure attack to demonstrate US willingness to use these tools now.

After Iran attempted to hack the Israeli water system in 2020, Israel crashed the computer systems operating one of Iran’s largest ports.

Washington should have been taking notes — and, presuming it did, now would be a good time to show it.

Iran is providing cyber weapons to terrorists, attacking a US ally and attempting to compromise critical US infrastructure via cyberspace.

Iranian cyber operatives are “increasingly bold,” warns Microsoft.

Washington has significant cyber capabilities of its own.

Time to turn the tables and ensure Iran sees our forces as even “bolder.”

Annie Fixler is the director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies. Adm. (ret.) Mark Montgomery is CCTI’s senior director and former executive director of the Cyberspace Solarium Commission.

