The US government has echoed concerns from the cybersecurity industry that Iranian state hackers could respond to the assassination of a top Tehran general with attacks on US critical infrastructure (CNI).
Widely considered the second most powerful man in Iran, Qassem Suleimani was killed by a US drone strike in Baghdad on Friday.
Military and political leaders in the country have warned of retribution, while signs posted along the vast funeral procession today are reported to have read: “Harsh revenge is awaiting.”
The Department for Homeland Security (DHS) has duly issued an alert warning of a terror threat on home soil, although it admitted “at this time we have no information indicating a specific, credible threat to the homeland.”
However, an attack could come with little or no warning, with cyber a likely vector, it said.
“Previous homeland-based plots have included, among other things, scouting and planning against infrastructure targets and cyber-enabled attacks against a range of US- based targets,” the notice continued.
“Iran maintains a robust cyber program and can execute cyber-attacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”
On Saturday, the website of the government-run American Federal Depository Library Program (FDLP) was defaced with an image of a bloodied Donald Trump. Industry experts believe things could escalate even further.
John Hultquist, director of intelligence analysis at FireEye, warned of an uptick in cyber-espionage against government entities, designed to give Tehran a geopolitical advantage, and destructive attacks on CNI.
“Iran has leveraged wiper malware in destructive attacks on several occasions in recent years. Though, for the most part, these incidents did not affect the most sensitive industrial control systems, they did result in serious disruptions to operations,” he added.
“We are concerned that attempts by Iranian actors to gain access to industrial control system software providers could be leveraged to gain widespread access to critical infrastructure simultaneously. In the past, subverting the supply chain has been the means to prolific deployment of destructive malware by Russian and North Korean actors.”