Tracking Iran’s cyberterrorism

Updated 01 March 2019
Follow

Tracking Iran’s cyberterrorism

  • Tehran is stepping up its malicious online attacks, experts say — and Saudi Arabia is one of its main targets
  • In 2012, some 35,000 computers were affected by a major cyberattack against Saudi Arabia

DUBAI: Iran is one of the biggest threats in cyberspace, according to experts who warn that a global response is needed to repel its rising wave of cyberattacks on government and communications infrastructure worldwide.

The leading state sponsor of terror is extending its malign presence online, with Saudi Arabia among its main targets. Iran’s growing digital prowess is part of its “soft war” strategy to spy on adversaries and spread its rhetoric. 

“Iran is increasingly active and a growing cyber threat, though it isn’t the most sophisticated actor,” Michael Eisenstadt, Kahn fellow and director of the military and security studies program at the Washington Institute for Near East Policy, told Arab News. “But as past Russian hacking efforts in the US have shown, you don’t need to be technologically sophisticated to hack and then leak emails, causing embarrassment to adversaries.”

In recent months, cybersecurity firms and tech companies have exposed attacks linked to faceless enemies in Iran. 

“Cyber holds a certain appeal” for the country, Eisenstadt said. “Because of the difficulty attributing responsibility for cyber-attacks, it provides Tehran with a degree of deniability,” he said. “Perhaps most importantly, it allows Iran to strike its adversaries globally, instantaneously and on a sustained basis, and to achieve strategic effects in ways it can’t in the physical domain.”

Iran’s greatest adversaries are the US, Israel and Saudi Arabia “in that order,” Eisenstadt said. “In March 2018, the US government designated an Iranian entity, the Mabna Institute, and nine individuals associated with the institute, for operating a massive hacking and cyberspying operation that targeted hundreds of universities and companies in dozens of countries to steal proprietary data and academic research, presumably to help Iran’s own research and development efforts, to circumvent sanctions, and to compensate for its economic isolation. These activities had been going on for years.”

Joyce Hakmeh, a research fellow of cyber policy and co-editor at the Journal of Cyber Policy at the International Security Department at Chatham House, said Iran has been linked to several attacks in the Middle East, including in Saudi Arabia. One of the biggest attacks was identified in 2012, when an Iranian hacker group deployed the Shamoon computer virus to cripple thousands of hard drives at Saudi Aramco. “Everyone remembers the big attack against Saudi Arabia in 2012, which affected 35,000 computers. It was called the biggest hack in history at the time,” she said.

Eisenstadt said there were several attempted strikes on Saudi government and private sector entities using the Shamoon 2.0 malware in 2016 and 2017, and on Italy’s Saipem oil services firm (whose biggest customer is Saudi Aramco) in December 2018.

Hakmeh said while “attribution is a challenge” when it comes to cyber activity, a host of groups have been linked to Tehran’s terror online, including Magic Hound, MuddyWater, APT33, APT34, APT39, Cobalt Gypsy, Rocket Kitten and NewsBeef.

Collectively, these have targeted organizations across the Middle East in industries including finance, government, energy, chemicals and telecommunications.

A 2018 report by the Carnegie Endowment for International Peace noted: “While Iran’s offensive cyber operations have required modest resources to develop, they have allowed Tehran to project itself as an emerging cyber power able to cause significant harm to its adversaries.”

The report said: “As judged from the evidence of coordination between security agency actions and observed cyber operations, the campaigns of Iranian threat actors almost certainly have a direct relationship with government entities, specifically the Islamic Revolutionary Guard Corps and the Ministry of Intelligence. Attempts to forecast the future of Iranian cyber operations are constrained by the secrecy on the part of the Iranian state about its activities and an uncertain geopolitical climate.”

Eisenstadt said when it comes to the biggest threats in cyberspace, the most formidable actors are Russia followed by China, North Korea and Iran. “Iran’s activities in the cyber domain generally serve its broader foreign policy objectives. In some cases, the goal might be to advance Iran’s propaganda line. In others, it might be to steal intellectual property and propriety information, in order to circumvent sanctions and benefit its own research and development efforts,” he said.

Hakmeh said countries, especially in the Middle East, need to build resilience against cyberattacks by sharing information, preparing strategies and educating people about good “cyber hygiene,” such as changing passwords. “While Iran for some years has been considered a third-tier threat, the threat is considerable. It’s a country to monitor, to keep on the map,” she added. “It doesn’t have the same capabilities as China, Russia or the US, but it has been able to be very destructive.” 

While Iran spreads fake news to support its rhetoric against Israel, Saudi Arabia and the US, its more serious attacks are geopolitically motivated, said Hakmeh. “Most of the attacks that Iran has been linked to are for espionage reasons to get a competitive advantage — Saudi Arabia’s petrochemical industry, for example, to see what technology it’s using — or to gain insight into Saudi Arabia’s military capacities so Iran can enhance its own,” she said.

Dr. Johannes Ullrich, dean of research at the SANS Institute, a US company that specializes in information security and cybersecurity training, said as Iran’s conflict with its neighbors grows, so has its presence on the dark web.

“Iran is believed to maintain a significant effort to conduct offensive cyber operations against its adversaries,” he added. “It may not be among the most sophisticated, but it’s very aggressive in applying the skills it has.

“One technique that has been employed in the attacks is domain hijacking. For this attack, an administrator’s password is used to alter settings for an organization’s domain. The attack itself is pretty simple, and the hard part is to get the administrator’s password. It isn’t clear how the administrator password was obtained in these cases, but typically phishing attacks are used. Overall these attacks aren’t terribly sophisticated, but the impact can be huge.”

Aside from hacks on government and company infrastructure, Iran has been linked to a global network of fake news websites. ClearSky, a Tel Aviv-based cyber tech security firm, recently issued a report linking Iranian propagandists to fake news sites in 28 countries that spread misinformation about their targets — chiefly in the Middle East and Asia — and advance Tehran’s ideological and geopolitical interests.

In recent months, FireEye, a US  cybersecurity firm, issued a warning about fake news sites and profiles on Facebook and Twitter that it believed were operated
by Tehran as part of its cyber-
influence campaign.  Such campaigns were also exposed by Twitter, which posted 1 million tweets generated by fake accounts. 

Facebook said it had deleted dozens of fake profiles. Just this month, the platform said it removed 783 accounts tied to Iran that appeared to be engaging in a manipulation campaign against people in almost 30 countries.

Still, experts at the Institute for National Security Studies in the US have said Tehran’s efforts have not been foolproof, with a report noting: “Use of Iranian contact data (such as phone numbers and email addresses), copied content and poor writing has led to their public exposure. Until then, however, Iran managed to reach many people … some contents were viewed by millions of views, and some earned responses by hundreds of thousands of surfers.”

Simone Vernacchia, cybersecurity and digital infrastructure advisory lead at PwC Middle East, said that while it is against his company’s policy to attribute cyberattacks to a specific “nation-state actor,” the firm had noted an “increase in disruptive attacks, which may be sponsored by a nation-state.”

Although there has been a big increase in investment in cybersecurity in past months, many Middle Eastern countries’ defense systems remain less advanced than those in the West, he said.

“A stronger collaboration among privately owned critical infrastructure and government defense systems, as well as a strong and periodically tested set of organizational and technical interfaces, would strengthen the ability to respond to crises,” he said.


Two Israeli strikes hit south Beirut: Lebanon state media

Updated 5 sec ago
Follow

Two Israeli strikes hit south Beirut: Lebanon state media

BEIRUT: Lebanese state media reported two Israeli strikes on Beirut’s southern suburbs on Sunday, about an hour after the Israeli military posted evacuation calls online for parts of the Hezbollah bastion.
“Israeli warplanes launched two violent strikes on Beirut’s southern suburbs in the Kafaat area,” the official National News Agency said.
The southern Beirut area has been repeatedly struck since September 23 when Israel intensified its air campaign also targeting Hezbollah bastions in Lebanon’s east and south. It later sent in ground troops to southern Lebanon.
AFPTV footage showed grey smoke billowing over south Beirut.
The raids “caused massive destruction over a large geographical area” of the Kafaat district, NNA said.
Earlier Sunday, Israeli military spokesman Avichay Adraee warned on social media platform X that the military would strike “Hezbollah facilities and interests” in the Hadath and Burj Al-Barajneh districts, also sharing maps of the areas to be evacuated.
Full-on war erupted following nearly a year of limited exchanges of fire initiated by Iran-backed Hezbollah in support of its ally Hamas, after the Palestinian group’s October 7, 2023 attack sparked the Gaza war.

Israel records 160 launches fom Lebanon as Hezbollah targets Tel Aviv, south

Israeli security forces and people inspect a damaged house at a site hit by rockets fired from Lebanon in Rinatya village.
Updated 24 November 2024
Follow

Israel records 160 launches fom Lebanon as Hezbollah targets Tel Aviv, south

  • Medical agencies reported that at least 11 people were wounded, including a man in a “moderate to serious” condition

JERUSALEM: Israel’s army said Hezbollah fired around 160 projectiles into its territory from Lebanon on Sunday, with the group saying its attacks had targeted the Tel Aviv area and Israel’s south.
The Iran-backed group said in a statement that it had “launched, for the first time, an aerial attack using a swarm of attack drones on the Ashdod naval base” in southern Israel.
Later, it said it fired “a barrage of advanced missiles and a swarm of attack drones” at a “military target” in Tel Aviv, and had also launched a volley of missiles at the Glilot army intelligence base in the city’s suburbs.
The Israeli military did not comment on the specific attack claims when contacted by AFP.
But it said earlier that air raid sirens had sounded in several locations in central and northern Israel, including in the greater Tel Aviv suburbs.
It later reported that “approximately 160 projectiles that were fired by the Hezbollah terrorist organization have crossed from Lebanon into Israel.”
Some of the projectiles were shot down.
Medical agencies reported that at least 11 people were wounded, including a man in a “moderate to serious” condition.
AFP images from Petah Tikva, near Tel Aviv, showed several damaged and burned-out cars, and a house pockmarked by shrapnel.
The wave of projectiles follows at least four deadly Israeli strikes in central Beirut in the past week, including one that killed Hezbollah spokesman Mohammed Afif.
In a speech on Wednesday, Hezbollah chief Naim Qassem had said the response to the recent strikes on the capital “must be expected on central Tel Aviv.”
The Lebanese army, meanwhile, said that a soldier was killed on Sunday and 18 others injured, “including some with severe wounds, as a result of an Israeli attack targeting a Lebanese army center in Amriyeh.”
Though the Lebanese army is not a party to the war between Israel and Hezbollah, Israeli strikes have killed 19 Lebanese soldiers in the last two months, authorities have said.
Since September 23, Israel has intensified its Lebanon air campaign, later sending in ground troops after nearly a year of limited exchanges of fire initiated by Hezbollah in support of its ally Hamas after the Palestinian group’s October 7, 2023 attack, which sparked the Gaza war.
Lebanon’s health ministry says at least 3,670 people have been killed in the country since October 2023, most of them since September this year.


Israeli strike on Lebanese army center kills soldier, wounds 18 others

Updated 24 November 2024
Follow

Israeli strike on Lebanese army center kills soldier, wounds 18 others

  • It was the latest in a series of Israeli strikes that have killed over 40 Lebanese troops
  • Lebanon’s caretaker prime minister condemned it as an assault on US-led ceasefire efforts

BEIRUT: An Israeli strike on a Lebanese army center on Sunday killed one soldier and wounded 18 others, the Lebanese military said.

It was the latest in a series of Israeli strikes that have killed over 40 Lebanese troops, even as the military has largely kept to the sidelines in the war between Israel and Hezbollah militants.

There was no immediate comment from the Israeli military, which has said previous strikes on Lebanese troops were accidental and that they are not a target of its campaign against Hezbollah.

Lebanon’s caretaker prime minister, Najib Mikati, condemned it as an assault on US-led ceasefire efforts, calling it a “direct, bloody message rejecting all efforts and ongoing contacts” to end the war.

“(Israel is) again writing in Lebanese blood a brazen rejection of the solution that is being discussed,” a statement from his office read.

The strike occurred in southwestern Lebanon on the coastal road between Tyre and Naqoura, where there has been heavy fighting between Israel and Hezbollah.

Hezbollah began firing rockets, missiles and drones into Israel after Hamas’ Oct. 7, 2023, attack out of the Gaza Strip ignited the war there. Hezbollah has portrayed the attacks as an act of solidarity with the Palestinians and Hamas. Iran supports both armed groups.

Israel has launched retaliatory airstrikes since the rocket fire began, and in September the low-level conflict erupted into all-out war, as Israel launched waves of airstrikes across large parts of Lebanon and killed Hezbollah’s top leader, Hassan Nasrallah, and several of his top commanders.

Israeli airstrikes early Saturday pounded central Beirut, killing at least 20 people and wounding 66, according to Lebanon’s Health Ministry. Hezbollah has continued to fire regular barrages into Israel, forcing people to race for shelters and occasionally killing or wounding them.

Israeli attacks have killed more than 3,500 people in Lebanon, according to Lebanon’s Health Ministry. The fighting has displaced about 1.2 million people, or a quarter of Lebanon’s population.

On the Israeli side, about 90 soldiers and nearly 50 civilians have been killed by bombardments in northern Israel and in battle following Israel’s ground invasion in early October. Around 60,000 Israelis have been displaced from the country’s north.

The Biden administration has spent months trying to broker a ceasefire, and US envoy Amos Hochstein was back in the region last week.

The emerging agreement would pave the way for the withdrawal of Hezbollah militants and Israeli troops from southern Lebanon below the Litani River in accordance with the UN Security Council resolution that ended the 2006 war. Lebanese troops would patrol the area, with the presence of UN peacekeepers.

Lebanon’s army reflects the religious diversity of the country and is respected as a national institution, but it does not have the military capability to impose its will on Hezbollah or resist Israel’s invasion.


EU’s Borrell urges pressure on Israel, Hezbollah to accept US ceasefire proposal

Updated 24 November 2024
Follow

EU’s Borrell urges pressure on Israel, Hezbollah to accept US ceasefire proposal

  • The EU’s foreign policy chief warned that Lebanon was “on the brink of collapse”

BEIRUT: The European Union’s foreign policy chief called on Sunday during a visit to Beirut for pressure to be exerted on both the Israeli government and on Lebanon’s Hezbollah to accept a US ceasefire proposal.
Speaking at a news conference in Beirut, Josep Borell also urged Lebanese leaders to pick a president to end a two-year power vacuum in the country, and he pledged 200 million euros in support for Lebanon’s armed forces. 

Lebanon on 'brink of collapse'

The EU’s foreign policy chief warned that Lebanon was “on the brink of collapse” after Israel launched an intense air campaign two months ago following nearly a year of clashes with Hezbollah.
“Back in September I came and was still hoping we could prevent a full-fledged war of Israel attacking Lebanon. Two months later Lebanon is on the brink of collapse,” Josep Borrell told reporters in Beirut.


Israeli army orders Gaza City suburb evacuated, spurring new displacement wave

Updated 24 November 2024
Follow

Israeli army orders Gaza City suburb evacuated, spurring new displacement wave

  • Israeli military blames Hamas rocket fire for renewed evacuation directive
  • Palestinians say hospitals in north Gaza barely functioning

CAIRO: The Israeli military issued new evacuation orders to residents in areas of an eastern Gaza City suburb, setting off a new wave of displacement on Sunday, and a Gaza hospital director was injured in an Israeli drone attack, Palestinian medics said.
The new orders for the Shejaia suburb posted by the Israeli army spokesperson on X on Saturday night were blamed on Palestinian militants firing rockets from that heavily built-up district in the north of the Gaza Strip.
“For your safety, you must evacuate immediately to the south,” the military’s post said. The rocket volley on Saturday was claimed by Hamas’ armed wing, which said it had targeted an Israeli army base over the border.
Footage circulated on social and Palestinian media, which Reuters could not immediately verify, showed residents leaving Shejaia on donkey carts and rickshaws, with others, including children carrying backpacks, walking.
Families living in the targeted areas began fleeing their homes after nightfall on Saturday and into Sunday’s early hours, residents and Palestinian media said — the latest in multiple waves of displacement since the war began 13 months ago.
In central Gaza, health officials said at least 10 Palestinians were killed in Israeli airstrikes on the urban camps of Al-Maghazi and Al-Bureij since Saturday night.
Hospital director wounded by gunfire
In north Gaza, where Israeli forces have been operating against regrouping Hamas militants since early last month, health officials said an Israeli drone dropped bombs on Kamal Adwan Hospital, injuring its director Hussam Abu Safiya.
“This will not stop us from completing our humanitarian mission and we will continue to do this job at any cost,” Abu Safiya said in a video statement circulated by the health ministry on Sunday.
“We are being targeted daily. They targeted me a while ago but this will not deter us...,” he said from his hospital bed.
Israeli forces say armed militants use civilian buildings including housing blocks, hospitals and schools for operational cover. Hamas denies this, accusing Israeli forces of indiscriminately targeting populated areas.
Kamal Adwan is one of three hospitals in north Gaza that are barely operational as the health ministry said the Israeli forces have detained and expelled medical staff and prevented emergency medical, food and fuel supplies from reaching them.
In the past few weeks, Israel said it had facilitated the delivery of medical and fuel supplies and the transfer of patients from north Gaza hospitals in collaboration with international agencies such as the World Health Organization.
Residents in three embattled north Gaza towns — Jabalia, Beit Lahiya and Beit Hanoun — said Israeli forces had blown up hundreds of houses since renewing operations in an area that Israel said months ago had been cleared of militants.
Palestinians say Israel appears determined to depopulate the area permanently to create a buffer zone along the northern edge of Gaza, an accusation Israel denies.
Israel’s campaign in Gaza has killed more than 44,000 people, uprooted nearly all the enclave’s 2.3 million population at least once, according to Gaza officials, while reducing wide swathes of the narrow coastal territory to rubble.
The war erupted in response to a cross-border attack by Hamas-led militants on Oct. 7, 2023 in which gunmen killed around 1,200 people and took more than 250 hostages back to Gaza, according to Israeli tallies.