
Cybersecurity threats from Iran have tripled in the last two years – Microsoft

Sabotaging operational technology and creating political interference are the main objectives of the Iranian hackers, new research says.

By Claudia Glover

Cyber threats from Iran have more than tripled in the last two years, security experts at Microsoft have warned. Iranian cyber criminals appear to be targeting operational technology, particularly in Israel, a new report from MSFT says. There is also evidence of Western countries being attacked in what the researchers are calling “cyber-enabled influence operations,” where Iranian cybercriminals try to cause political instability.

Iranian cybercriminals try new techniques to sow mistrust. (Photo by vanchai tan/Shutterstock)

Cybercriminals in Iran are targeting the Western shipping industry in particular, researchers have told Tech Monitor.

Iranian cybercriminals accelerate attacks on operational technology

In its report, Microsoft’s Threat Intelligence Team explains that 24 unique cyber-enabled influence operations (IO) were linked to the Iranian government in 2022, compared to seven in 2021.

State-sponsored Iranian criminals are supplementing their usual cyber offensive with these cyber-enabled IOs. According to a Microsoft warning, hackers in Iran are leveraging IOs to conduct high-impact cyberattacks against operational technology. This appears to correspond with a decline in the more common ransomware and wiper attacks. 

Though Iran’s techniques may have changed, its targets have not. These operations remain focused on Israel, prominent Iranian opposition figures and groups, and Tehran’s Gulf state adversaries such as Saudi Arabia. Iran directed nearly a quarter (23%) of its cyber operations against Israel between October 2022 and March this year, with the US, United Arab Emirates, and Saudi Arabia also bearing the brunt of these efforts, Microsoft’s researchers said.

Georgia Osborn, senior research analyst at Oxford Information Labs, says Iran “has targeted specific industries or infrastructure, particularly the shipping industry.” She says this is “of particular interest with commercial ships travelling through the Strait of Hormuz,” which links the Persian Gulf and the Gulf of Oman. It provides the only sea passage from the Persian Gulf to the open ocean and is one of the world’s most strategically important trade choke points.

“The shipping industry and its infrastructure are of particular importance, as if something goes wrong at sea, it is of immediate urgency,” Osborn adds. 


Cyber-enabled IOs to influence geopolitics

Cyber-enabled IOs have also been used to try to influence Western politics. “The latest string of cyber-enabled IO in the last year has leveraged low-impact, low-sophistication cyberattacks, such as defacements, which are less time and less resource intensive, while dedicating more effort to its multi-pronged amplification efforts,” the report says. 

In the past year, these cyber-enabled IOs have promoted a narrative that blames Western government agencies like the CIA for stoking the civil unrest in Iran.

Nato member nations and European countries will be at a heightened risk of future Iranian cyber IOs as the attacks increase in number and aggressiveness, the Microsoft research says.

Most of these operations have a predictable playbook, in which Iran uses a cyber persona to publicise and exaggerate a low-sophistication cyberattack before seemingly unassociated online personas amplify and often further hype the impact of the attacks, using the language of the target audience. New Iranian influence techniques include their use of SMS messaging and victim impersonation to enhance the effectiveness of their amplification, the report adds. 
