Most of the articles written about nation-state cyber threats to democratic states focus on China, Russia, and North Korea.
All three countries have notorious cyberattack pedigrees:
- China: experts at stealing intellectual property and R&D
- Russia: famous for election interference and for keeping the U.S. in a "political churn," along with turning our own social media platforms against us through social engineering
- North Korea: known for cyberattacks, such as ransomware, that serve as fundraisers to help the regime survive under very tight embargo restrictions and economic sanctions.
Less often talked about is Iran and its nation-state backed cyberattacks. That changed in the last few days, when Microsoft made a big announcement.
Here are three things we know about Iran and cyber warfare.
#1: Iran cyberattacks are now targeting U.S. elections
Microsoft announced a cyberattack from one of the key Iranian hacking groups that was small in scale but highly strategic in its choice of targets.
"Today we're sharing that we've recently seen significant cyber activity by a threat group we call Phosphorus, which we believe originates from Iran and is linked to the Iranian government.
In a 30-day period between August and September, the Microsoft Threat Intelligence Center (MSTIC) observed Phosphorus making more than 2,700 attempts to identify consumer email accounts belonging to specific Microsoft customers and then attack 241 of those accounts. The targeted accounts are associated with a U.S. presidential campaign, current and former U.S. government officials, journalists covering global politics and prominent Iranians living outside Iran."
According to Microsoft, they used a rather simple but effective method to gain access to some accounts:
"Phosphorus used information gathered from researching their targets or other means to game password reset or account recovery features and attempt to take over some targeted accounts. For example, they would seek access to a secondary email account linked to a user's Microsoft account, then attempt to gain access to a user's Microsoft account through verification sent to the secondary account. In some instances, they gathered phone numbers belonging to their targets and used them to assist in authenticating password resets."
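The method Microsoft describes leaves two observable traces in a provider's own account-recovery telemetry: one source probing the recovery flow for many different accounts, and a primary account being reset through a secondary mailbox that was itself reset shortly beforehand. The following is an added detection sketch in Python, not code from Microsoft or from this article; the event field names (`action`, `via`, `via_target`) and the sample events are constructed for illustration and are not real telemetry.

```python
"""Detection sketch for account-recovery abuse of the kind Microsoft
describes: an actor first takes over a secondary (recovery) mailbox, then
uses the verification sent to it to reset the primary account. Two signals
are checked over constructed sample events (field names are assumptions)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events; these are not real telemetry, and the field
# names ("action", "via", "via_target") are assumptions for this example.
SAMPLE_EVENTS = [
    # one source probing the recovery flow for many distinct accounts
    {"ts": "2019-08-20T10:00:00", "source": "198.51.100.7", "action": "recovery_lookup", "account": "alice@example.com"},
    {"ts": "2019-08-20T10:03:00", "source": "198.51.100.7", "action": "recovery_lookup", "account": "bob@example.com"},
    {"ts": "2019-08-20T10:07:00", "source": "198.51.100.7", "action": "recovery_lookup", "account": "carol@example.com"},
    {"ts": "2019-08-20T10:12:00", "source": "198.51.100.7", "action": "recovery_lookup", "account": "dave@example.com"},
    # a legitimate user looking up their own account once
    {"ts": "2019-08-20T11:00:00", "source": "203.0.113.5", "action": "recovery_lookup", "account": "erin@example.com"},
    # secondary mailbox reset via phone, then the primary reset via that mailbox
    {"ts": "2019-08-21T09:00:00", "source": "198.51.100.7", "action": "reset_completed", "account": "alice.backup@example.net", "via": "phone", "via_target": "+1-555-0100"},
    {"ts": "2019-08-21T09:30:00", "source": "198.51.100.7", "action": "reset_completed", "account": "alice@example.com", "via": "secondary_email", "via_target": "alice.backup@example.net"},
    # ordinary reset via a secondary mailbox that shows no prior takeover
    {"ts": "2019-08-25T12:00:00", "source": "203.0.113.9", "action": "reset_completed", "account": "bob@example.com", "via": "secondary_email", "via_target": "bob.backup@example.net"},
]


def _parsed(events):
    """Copy events with ISO timestamps converted to datetime, sorted by time."""
    out = []
    for e in events:
        e2 = dict(e)
        e2["ts"] = datetime.fromisoformat(e["ts"])
        out.append(e2)
    return sorted(out, key=lambda e: e["ts"])


def enumerating_sources(events, min_accounts=3, window=timedelta(hours=24)):
    """Sources that started recovery lookups for at least min_accounts distinct
    accounts inside any sliding window. Returns a sorted list of sources."""
    by_source = defaultdict(list)
    for e in _parsed(events):
        if e["action"] == "recovery_lookup":
            by_source[e["source"]].append((e["ts"], e["account"]))
    flagged = set()
    for source, lookups in by_source.items():
        for i, (start, _) in enumerate(lookups):
            accounts = {acct for ts, acct in lookups[i:] if ts - start <= window}
            if len(accounts) >= min_accounts:
                flagged.add(source)
                break
    return sorted(flagged)


def chained_recoveries(events, max_gap=timedelta(hours=48)):
    """Primary-account resets completed through a secondary email that was
    itself reset within max_gap beforehand. Returns [(primary, secondary), ...]."""
    reset_times = defaultdict(list)
    for e in _parsed(events):
        if e["action"] == "reset_completed":
            reset_times[e["account"]].append(e["ts"])
    chains = []
    for e in _parsed(events):
        if e["action"] != "reset_completed" or e.get("via") != "secondary_email":
            continue
        prior = [t for t in reset_times.get(e["via_target"], [])
                 if timedelta(0) < e["ts"] - t <= max_gap]
        if prior:
            chains.append((e["account"], e["via_target"]))
    return chains


if __name__ == "__main__":
    print("enumerating sources:", enumerating_sources(SAMPLE_EVENTS))
    print("chained recoveries:", chained_recoveries(SAMPLE_EVENTS))
```

The second signal is only visible when the secondary mailbox is on the same provider; when it is not, the first signal (recovery lookups fanning out across many accounts from one source) and a rate limit on the recovery flow are what remain, which is why providers treat phone numbers and secondary emails as weaker factors than a hardware key or authenticator app.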
The New York Times claims this was President Trump's re-election campaign that was attacked.
#2: Iran believes it can fight super powers in the cyber realm
CNN Military Analyst and cybersecurity expert Col. Cedric Leighton (USAF, Ret.) spoke to us at a SecureWorld conference about the cyber threat Iran poses.
"Iran's story is very interesting. They developed a cyber army that is associated with the Iranian Revolutionary Guard Corps (IRGC). Their main goal in that cyber army is to not only affect computer networks around the world, but also to go specifically into the networks of their neighbors.
The Iranian leadership has boasted about having this capability, that it gives them an asymmetric advantage. They understand the United States would be a big threat to them in a normal kinetic war, but they realize there is a degree of vulnerability that they otherwise wouldn't be able to exploit if they didn't have that cyber capability.
If tensions continue to increase with Iran, we can expect more cyber events to originate from Iran and from the IRGC cyber army."
#3: Iran warns its critical infrastructure of cyberattacks by the U.S.
At the same time Iranian cyberattacks on the United States appear to be going after things like elections, Reuters reported on a very interesting angle to this story.
Iranian leaders are warning industry in Iran to protect itself against the likelihood of a cyberattack by the United States and other enemies.
Gholamreza Jalali, head of civil defense, which is in charge of cyber security, called for beefing up security at industrial installations and said: "Our enemies consider the cyber domain as one of the main areas of threat against nations, especially Iran," the semi-official news agency Fars reported.
Iran has long been on alert over the threat of cyberattacks by foreign countries. The United States and Israel covertly sabotaged Iran's nuclear program in 2009 and 2010 with the now-famous Stuxnet computer virus, which destroyed Iranian centrifuges that were enriching uranium.
This whole thing reminds us of a promise former Secretary of Homeland Security Kirstjen Nielsen made a couple of years ago:
"I have a newsflash for America's adversaries: complacency is being replaced by consequences."
Consequences that countries like Iran are attempting to prepare for.