Tehran's cyber operatives are trying to sow fear and gather information through a wave of attacks that target not only Israel and the US, but also their allies. Albania is one of the clearest examples of this reach, having been targeted because of its relationship with the Iranian opposition...
Earlier this month, as rocket sirens echoed across Israel, thousands of citizens received text messages on their phones purporting to be from the military. The messages urged them to download a fake shelter app — a trap that could steal vast amounts of personal data.
Others were confronted with a mass message proclaiming: "Netanyahu is dead. Death is approaching you and soon the gates of hell will open before you! Leave Palestine before the fire of Iranian missiles destroys you."
According to cybersecurity experts, these messages are just the most visible part of a much broader clash taking place on the edges of the internet, between Iran, Israel, the US and their online supporters.
They carry keyboards, not weapons. But Iranian hackers, who have been confronting Israel in the digital space for years, are considered among the best-trained operators at Tehran's disposal. "The Iranians are using everything they have in this battle," said Chris Krebs, former director of the US Cybersecurity and Infrastructure Security Agency. "It's a total mobilization. If their operators are breathing, they're working on their keyboards..." he added.
The objectives of these operations are manifold: from spreading panic and creating chaos, to gathering intelligence and identifying targets for missile strikes. In the murky world of cyberwarfare, it is difficult to determine who has the upper hand. However, the impact on perception and morale has made this area essential, and Iran has invested heavily in penetrating American and Israeli defenses. According to analysts and former officials, Iran operates on three cyber levels, often intertwined.
At the forefront are the most advanced units, directly commanded by the Islamic Revolutionary Guard Corps and the Ministry of Intelligence. These structures operate through a complex network of front organizations, used to cover their tracks and to voice public threats.
In parallel, Tehran relies on semi-autonomous proxies, cybercriminals and private contractors. At the broadest level, volunteer digital activists are regularly mobilized to support the cause.
Their operations are suspected of having included the publication of personal data of employees of a major US defense contractor in Israel, attacks on the emails of politicians in Albania - a country that hosts an Iranian opposition group - and the infiltration of a nuclear research center in Poland.
A good portion of the most sensitive activities have likely never been made public.
The most serious attack attributed to them is related to Stryker, an American medical technology company.
Thousands of employees were forced to stop working after losing access to their systems, disrupting critical supplies and postponing surgeries. The Handala group, believed to be linked to Iranian intelligence, claimed to have deleted data from around 200,000 devices - an act that Krebs described as one of the most serious cyberattacks on the US in wartime.
Handala also claimed to have hacked into the personal email of FBI Director Kash Patel, posting private photos. The FBI confirmed that the account had been targeted by "malicious actors," but stressed that the materials were old.
The current clash is just a new chapter in a cyberwar that has been going on for years. The US and Israel possess more advanced capabilities and have often carried out deeper strategic strikes, such as the Stuxnet worm that severely damaged Iran's nuclear program.
Shortly before last month's airstrikes, the US launched cyber operations aimed at crippling Iran's ability to communicate and respond. Israel, on the other hand, has used cyber intelligence for long-term operations.
In one famous case, it hacked into traffic cameras in Tehran as part of a massive intelligence-gathering operation. It even reportedly used a popular prayer app to send messages to millions of Iranians urging them to abandon the regime.
"Only in this way can you save your life for Iran," one of the messages read.
But compared to Russia or China, Iran is considered less technically advanced and often relies on simpler methods, such as phishing or data-wiping malware.
Historically, Tehran has used cyberattacks as a low-cost means of challenging more powerful adversaries, creating confusion and disruption. In 2022, Israeli media reported that Iranian hackers had broken into the old phone of the wife of the head of Mossad, publishing personal data on Telegram.
According to Alexander Leslie of Recorded Future, Iran is conducting this campaign in two directions: with loud attacks for psychological effect and with quieter, but more sophisticated operations. "Noise is not always what matters most," he emphasized.
The Seedworm group, which the US and UK say is linked to Iranian intelligence, has been trying to infiltrate US networks since early February. Several attempts have been thwarted by institutions such as banks, airports and defence companies.
Meanwhile, Israel remains a more difficult target to penetrate.
Authorities there report thousands of attacks on companies, only a few of which have been successful. Hacking of security cameras in the region has helped direct drone and missile attacks. According to experts, Iran has reached a new level of coordination by combining digital attacks with mass SMS messages.
However, some analysts are surprised that Iran has not yet struck more important strategic targets, such as critical infrastructure, something it has done in the past. The reasons could be various: weakening from Israeli attacks, internal internet restrictions, or the time needed to develop more complex cyber weapons.
There's also the possibility that operatives are already infiltrating sensitive systems, waiting for the right moment. "They may have long-term access that they don't want to burn yet," said Andy Piazza of Palo Alto Networks.
But if given time to regroup, some experts warn that Iran could deliver much more powerful strikes. "If given space to recover, they could develop the capacity for a more decisive strike," said Matthew Ferren of the Council on Foreign Relations.
Meanwhile, protection varies significantly from country to country. In Israel, the security of critical infrastructure is largely a state responsibility. In the US and Europe, this burden falls more on the private sector, which often seeks help only after an attack.
The US also faces structural weaknesses related to the decentralized nature of the internet and the sheer size of its infrastructure. Analysts say these weaknesses have been exacerbated by political tensions that have affected the CISA agency, which operates with a reduced staff and no stable leadership.
"I'm worried because now our defensive weaknesses are obvious," said Emily Harding from the Center for Strategic and International Studies.
Source: "Financial Times"