Many are concerned that retaliatory cyber-attacks against the Western world are highly likely after President Trump's 8 May announcement that the United States would abandon the Iran nuclear deal.
Given that the Islamic Republic of Iran commonly responds to sanctions with offensive cyber-campaigns, understanding the hierarchy of Iran's hackers offers insight into how to best defend against the looming prospect of risk.
To that end, the Insikt Group, a threat research team that is part of Recorded Future community, has today released new research on cyber-activity in Iran. The information was garnered through interviews with a former Iranian hacker, who started one of Iran's first security forums.
"Judging from historical patterns, the businesses likely to be at greatest risk are in many of the same sectors that were victimized by Iranian cyberattacks between 2012 and 2014 and include banks and financial services, government departments, critical infrastructure providers, and oil and energy," wrote Levi Gundert, VP of threat intelligence at Recorded Future.
Iranian cyber-operations have long been administered through a tiered approach, using a trusted group of middle managers to translate intelligence priorities into segmented cyber-tasks. Those tasks are then bid out to multiple contractors – a system that pits contractors against each other for influence with the Iranian government.
In addition, the Insikt Group analyzed web traffic across prestigious academic institutions to find several activities of concern emanating from various registered ranges, including allocated IP spaces of Iran's Cyberspace Research Institute, the Imam Hossein Comprehensive University and the Mabna Institute, which was publicly identified in an FBI indictment as a front company engaged in hostile state-sponsored cyber-espionage.
Iran has a unique dynamic between trust and skill in selecting contractors to work for the Islamic Republic in accomplishing its offensive cyber-campaigns. However, "We believe that contractor selection for this response may favor speed and skill over trust and loyalty, resulting in the use of new or unproven contractors," said Gundert. "New or unproven contractor’s actions could result in a destructive attack with potentially wider impact than originally envisioned by the Iranian government."
"American businesses should be aware of Iran’s history and the likely response that these economic sanctions will trigger. Specifically, the financial services and energy industries should be preparing for the Iranian government’s response," said Gundert.