Iran will “absolutely” respond to the US and Israeli air strikes with cyber-attacks against a wide range of targets in the Middle East and beyond, Google’s chief of cyber threat intelligence has warned.
John Hultquist, chief analyst of Google Threat Intelligence Group (GTIG), made the comments at an event hosted by the Royal United Services Institute (RUSI) defense think tank in London.
The discussion was intended to focus on the threat of Russian cyber sabotage in Europe, but the sudden escalation of the conflict in the Middle East saw much of the conversation turn to Iran and Iranian cyber capabilities.
Iran has long been classed as a capable nation-state actor in cyberspace, with a history of numerous cyber espionage and other malicious hacking campaigns against the West.
Since the conflict started, Iran has retaliated with missile strikes against several of its neighbors – including Gulf Cooperation Council (GCC) members Qatar, Bahrain, Jordan, the United Arab Emirates (UAE) and Kuwait – all of which are home to US military bases.
Hultquist believes that these countries will inevitably find themselves targeted by “aggressive” cyber-attacks from Iran.
“You’re not going to see some secret weapon; it won’t be very different from what we’ve seen going on for the last few years. What changes is the targeting,” he explained.
“Previously, we were talking about the targeting of a small state with an incredibly mature security capability [Israel]. Now we’re talking about a host of other targets, who may not have the same maturity. What that means is that we’re going to be forced to secure a very different attack surface globally.”
Hacktivist and Ransomware as a Front for Hostile State-Backed Cyber Action
Speaking to Infosecurity, Hultquist explained that there have long been blurred lines between the Iranian state and Iranian cybercriminal and hacktivist groups. “They’re really good at playing in this foggy space,” he said.
Hackers associated with the Iranian government have previously been accused of secretly working with ransomware groups to facilitate campaigns against organizations in the US.
Hultquist also expects Iran to continue to deploy these arm's-length operations in offensive cyber campaigns against its perceived enemies, some of which might not have as robust cyber defenses as Israel or the US.
“I’m absolutely expecting attacks by hacktivist fronts that aren’t truly hacktivist fronts, that are just fronts for the Iranian Revolutionary Guard Corps (IRGC). And I’m expecting ransomware incidents that aren’t really ransomware incidents,” he said.
“I’m expecting them in the US, GCC and anyone else who’s drawn Iran’s ire right now. Suddenly, they have a massive attack surface they can choose from, so they’re going to carry out those attacks,” Hultquist added.
Following the escalation of the conflict in Iran and the surrounding region, the National Cyber Security Centre (NCSC) has urged organizations to review their cybersecurity posture – especially if they have operations in the Middle East.
“There is almost certainly a heightened risk of indirect cyber threat for those organisations and entities who have a presence, or supply chains, in the Middle East,” the alert by the agency warned.
