May 28, 2020
IntelBrief: Iran and Israel Continue Their Shadow Conflict in Cyberspace
In early May, Israel launched a covert cyberattack against an Iranian port in the Strait of Hormuz, causing issues for Iranian shipping operations. The attack targeted the Shahid Rajaee port and, while it certainly disrupted trade and commerce, it stopped short of devastating effects. And because Israel boasts some of the most advanced cyberwarfare units of any country in the world, the narrowly focused and limited nature of the cyberattack was not due to a lack of capability on the part of the Israelis. Rather, the attack was meant to send a signal, as a means of pushing back against Iran’s actions in Syria and Tehran’s own growing cyber activities throughout the region. The tit-for-tat is all part and parcel of the long-running shadow conflict between Israel and Iran, which ebbs and flows and occasionally involves Israel bombing Iranian positions in Syria. The Israelis have also struck Iranian proxies in Lebanon and Iraq.
In April, Iran conducted a cyberattack against an Israeli water facility, a brazen, if insignificant, attack against Israel’s critical infrastructure. The malware involved in the attack was analyzed by Israel’s National Cyber Directorate and determined to have originated with some of the Islamic Revolutionary Guard Corps’ (IRGC) offensive cyber units. This was hardly Iran's only foray into penetrating critical infrastructure. Back in 2013, Iranian hackers infiltrated the control system of a dam in upstate New York, which came on the heels of Iran-sponsored cyberattacks against U.S. banks and financial institutions. In terms of cyber, Iran is not ‘big-game hunting,’ at least not yet. But what these more modest targets suggest is an attempt to steadily probe for more significant vulnerabilities. If Tehran has its way, the goal is to graduate to higher-echelon capabilities like SCADA (supervisory control and data acquisition) attacks.
After the Stuxnet cyberattack that set back Iran’s nuclear program, Iran felt compelled to dedicate more resources to both offensive and defensive cyber capabilities. Iran’s cyberwarfare capabilities are improving, and are viewed as critical to Tehran’s ability to pose an asymmetric threat to its far more powerful adversaries, Israel and the United States. But Iran also views more refined cyberwarfare capabilities as essential to its ongoing regional dispute with Saudi Arabia and the United Arab Emirates, two countries which are also investing heavily in cyberwarfare and hacking capabilities. Iran sees its disinformation campaigns as a suitable complement to emerging offensive cyber capabilities. More recently, including during the coronavirus pandemic, the Iranians have been mimicking Chinese disinformation tactics.
Israel’s more measured and parsimonious responses to Iranian provocations are telling. The Israelis seem keen to avoid an escalation with Iran and other adversaries in the region, including the Iran-backed Lebanese Hezbollah. However, Israel has never shied away from defending itself, its military personnel, or its interests wherever they are threatened in the Middle East and beyond. And if Iran continues to provoke Israel by supplying its proxy forces throughout the region with increasingly sophisticated weaponry, including missiles, then Israel could very well choose to engage Iranian targets more frequently and less surreptitiously. With the Iran nuclear deal in shambles, Israel is keeping close watch on how Tehran proceeds next. And despite the killing of IRGC Quds Force commander Qassem Soleimani, biting sanctions imposed by the United States as part of its ‘maximum pressure’ campaign, and Iran’s struggles to deal with the spread of the coronavirus, the regime still seems undeterred. While most Iran-watchers are focused on its support to proxy forces, militias, and Iranian naval actions in the Persian Gulf, Tehran is slowly building up its cyber capabilities. These actions could lead to an escalation of tensions with Israel or other Iranian adversaries, including the United States.