Cyber threats from Iran have more than tripled in the last two years, security experts at Microsoft have warned. Iranian cyber criminals appear to be targeting operational technology, particularly in Israel, a new report from MSFT says. There is also evidence of Western countries being attacked in what the researchers are calling “cyber enabled influence operations,” where Iranian cybercriminals try to cause political instability.
Cybercriminals in Iran are targeting the Western shipping industry in particular, researchers have told Tech Monitor.
Iranian cybercriminals accelerate attacks on operational technology
In its report, Microsoft’s Threat Intelligence Team explains that 24 unique cyber-enabled influence operations (IO) were linked to the Iranian government in 2022, compared to seven in 2021.
State-sponsored Iranian criminals are supplementing their usual cyber offensive with these cyber-enabled IOs. According to a Microsoft warning, hackers in Iran are leveraging IOs to conduct high-impact cyberattacks against operational technology. This appears to correspond with a decline in the more common ransomware and wiper attacks.
Though Iran’s techniques may have changed, its targets have not. These operations remain focused on Israel, prominent Iranian opposition figures and groups, and Tehran’s Gulf state adversaries such as Saudi Arabia. Iran directed nearly a quarter (23%) of its cyber operations against Israel between October 2022 and March this yar, with the US, United Arab Emirates, and Saudi Arabia also bearing the brunt of these efforts, Microsoft’s researchers said.
Georgia Osborn, senior research analyst at Oxford Information Labs says Iran “has targeted specific industries or infrastructure, particularly the shipping industry.” She says this is “of particular interest with commercial ships travelling through the Strait of Hormuz,” which links the Persian Gulf and the Gulf of Oman. It provides the only sea passage from the Persian Gulf to the open ocean and is one of the world’s most strategically important trade choke points.
“The shipping industry and its infrastructure are of particular importance, as if something goes wrong at sea, it is of immediate urgency,” Osborn adds.
Cyber-enabled IOs to influence geopolitics
Cyber-enabled IOs have also been used to try to influence Western politics. “The latest string of cyber-enabled IO in the last year has leveraged low-impact, low-sophistication cyberattacks, such as defacements, which are less time and less resource intensive, while dedicating more effort to its multi-pronged amplification efforts,” the report says.
In the past year, these cyber-enabled IOs have promoted a narrative that blames Western government agencies like the CIA for stoking the civil unrest in Iran.
Nato member nations and European countries will be at a heightened risk of future Iranian cyber IOs as the attacks increase in number and aggressiveness, the Microsoft research says.
Most of these operations have a predictable playbook, in which Iran uses a cyber persona to publicise and exaggerate a low-sophistication cyberattack before seemingly unassociated online personas amplify and often further hype the impact of the attacks, using the language of the target audience. New Iranian influence techniques include their use of SMS messaging and victim impersonation to enhance the effectiveness of their amplification, the report adds.