US opts for cyber hit on Iran
Military network controlling missile launchers disabled in response to downing of drone
Military cyber forces in the US launched a strike against Iranian military computer systems on Friday as President Donald Trump backed away from plans for a more conventional military strike in response to Iran’s downing of a US surveillance drone, US officials said yesterday.
Two officials said the strikes were conducted with approval from Trump. A third official confirmed the broad outlines of the strike. All spoke on condition of anonymity because they were not authorised to speak publicly about the operation.
The cyberattacks — a contingency plan developed over weeks amid escalating tensions — disabled Iranian computer systems that controlled its rocket and missile launchers, the officials said. Two of the officials said the attacks, which specifically targeted Iran’s Islamic Revolutionary Guard Corps computer system, were
provided as options after Iranian forces blew up two oil tankers earlier this month.
The IRGC, which was designated a foreign terrorist group by the Trump administration earlier this year, is a branch of the Iranian military.
The action by US Cyber Command was a demonstration of the nation’s increasingly mature cyber military capabilities and its more aggressive cyber strategy under the Trump administration. Over the last year US officials have focused on persistently engaging with adversaries in cyberspace and undertaking more offensive operations.
Tensions have escalated between the two countries ever since the US withdrew last year from the 2015 nuclear deal with Iran and began a policy of “maximum pressure”.
Iran has since been hit by multiple rounds of sanctions. Tensions spiked last week after Iran shot down an unmanned US drone — an incident that nearly led to a US military strike against Iran on Thursday evening.
The cyberattacks are the latest chapter in the US and Iran’s ongoing cyber operations targeting the other. Yahoo News first reported the cyber strike.
In recent weeks, hackers believed to be working for the Iranian government have targeted US government agencies, as well as sectors of the economy, including finance, oil and gas, sending waves of spear-phishing emails, according to representatives of cybersecurity companies CrowdStrike and FireEye, which track such activity. This new campaign appears to have started shortly after the Trump administration imposed sanctions on the Iranian petrochemical sector this month.
It was not known if any of the hackers gained access to the targeted networks with the emails, which mimic legitimate emails but contain malicious software.
“Both sides are desperate to know what the other side is thinking,” said John Hultquist, director of intelligence analysis at FireEye.
“You can absolutely expect the regime to be leveraging every tool they have available to reduce the uncertainty about what’s going to happen next, about what the US’ next move will be.”
CrowdStrike shared images of the spear-phishing emails with the Associated Press.
One such email that was confirmed by FireEye appeared to come from the Executive Office of the President and seemed to be trying to recruit people for an economic adviser position. Another email was more generic and appeared to include details on updating Microsoft Outlook’s global address book.
The Iranian actor involved in the cyberattack, dubbed “Refined Kitten” by CrowdStrike, has for years targeted the U.S. energy and defense sectors, as well as allies such as Saudi Arabia and the United Arab Emirates, said Adam Meyers, vice president of intelligence at CrowdStrike.