Iran’s extensive cyber conflict with Israel is now taking on global proportions, with cyberattacks not only targeting businesses and government agencies within Israel, but also reaching across continents to the US and Europe. As a result, tensions are escalating and the impact of these cyber threats is being felt on a global scale.
Microsoft has characterized Iran’s cyber offensive as entering a new phase, which it has dubbed “Phase 3.” This phase involves Iran targeting businesses and government agencies outside of Israel, specifically those perceived to be aligned with Israel’s allies. The goal of this phase appears to be to use cyberattacks as a form of strategic pressure to influence governments and business communities to support a cessation of Israeli military activities in the Gaza Strip.
A recent victim of Iran’s Phase 3 cyber offensive was Albania’s Institute of Statistics (INSTAT), a government organization, which experienced a cyberattack that interrupted internet services on its official website and email systems. While the targeted systems were not classified as critical or important information infrastructure, the Iranian APT known as “Homeland Justice” claimed responsibility for copying and deleting over 100 terabytes of population and geographic information system data from the organization’s servers. Homeland Justice has also targeted other countries perceived to be in support of Israel, framing these attacks in the context of those countries’ support for “the terrorists.”
In addition to targeting Albania, Iran’s cyberattack net once again extended to the US, this time resulting in the Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioning six officials with the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC) for an intrusion into programmable logic controllers developed by an Israeli-American company and utilized in critical infrastructure.
The US sanctions against Iranian cyber officials associated with these attacks are seen as a means of providing limited deterrence against future attacks, as Iranian cyber actors are known to be persistently intent on attacking US-based targets, especially government entities. This reflects a clear escalation of tensions and an increased risk of retaliation in the ongoing cyber conflict.
The conflict between Iran and Israel, conducted through cyber warfare, has been characterized by Microsoft as taking place across three distinct phases. Phase 1 saw amateurish attacks by Iran-nexus groups in the days following a Hamas terrorist attack, while Phase 2 involved an increase in the number of active groups working against Israel, with more coordinated and destructive campaigns launched. Phase 3, the current phase, has seen Iran using more advanced tactics, targeting more significant businesses and critical infrastructure operators, and employing more effective messaging aimed at undermining Israeli morale and pressuring Israel’s allies.
As the conflict enters a new phase, concern over potential impacts on critical operations and influence operations has increased. Iranian cyber operations have used a wide range of attack methods, including web app exploits, credential harvesting, ransomware, and cryptomining, creating broad scope for disruption. As a result, the potential for the cyber conflict to escalate further and have a global impact on critical operations and international relations should not be underestimated. The ongoing nature of these attacks continues to raise concerns about more aggressive and damaging cyber operations in the future, with potentially worldwide implications.

