Cyberattacks against Iran have reportedly compromised the country’s vital infrastructure, affecting all three branches of the government as well as nuclear facilities and energy networks, according to an Oct. 11 report by Iran International, a Persian-language news television channel based in London.
In a tweet, the channel cited Abdolhassan Firouzabadi, the ex-secretary of Iran’s Supreme Council of Cyberspace, as describing the attacks as “heavy,” adding that in addition to nuclear sites, fuel distribution, municipal networks, ports and transportation networks have been targeted.
“These are just part of a long list of various areas across the country that have been attacked,” the report said, adding that the timescale of the attacks was not clear.
Professor Eyal Zisser, vice rector and chair of contemporary Middle East history at Tel Aviv University, told JNS that cyberattacks can cause “severe damage to the economy and to vital sectors,” adding that the extent of the damage depends on the nature of the attack, its duration, and whether it is continuous or sporadic.
“One can assume that those behind the attack wanted to send a message and cause damage,” Zisser said, adding that reports so far do not appear to indicate dramatic damage.
“I assume that such cyberattacks can be far more dramatic and significant,” he stated, particularly if they are part of a broader attack.
“This is what happened with the beepers in Lebanon—although Israel did not take responsibility. This was also a kind of cyberattack, and was followed by kinetic strikes,” he noted.
The ability to inflict damage is significantly greater for civilian systems, which are more exposed than military or nuclear infrastructures, Zisser said.
Zisser pointed out that, in the case of Iran’s military and nuclear sectors, “from the outset, these are better protected, so the potential for damage there is probably smaller.”
‘To project influence’
Iran has both launched and been the target of repeated cyberattacks in recent years.
The Islamic Republic has been steadily building its cyber capabilities over recent years, according to an Oct. 9 report by Lawfare Media, a national security-focused nonprofit publication based in Washington.
Tehran has been harnessing cyber capabilities to project influence in the Middle East while avoiding direct conventional military confrontations, the report assessed.
Iran has employed cyber espionage and sabotage as a means to retaliate against sanctions and military threats. The publication reported that the multifaceted cyber strategy has allowed the Islamic Republic to “complement its broader geopolitical strategies,” and the integration of artificial intelligence into these operations has increased the scope of the threat.
The IRGC and other government bodies employ cyber-enabled information operations to influence both internal and external targets.
On the flip side, Iran has absorbed multiple major attacks, such as the cyber strike on Iran’s banking sector, reported on by Iran International on Aug. 21, in which the Central Bank of Iran, as well as other major banks, experienced disruptions that affected the country’s financial system.
Hackers reportedly stole sensitive information from account holders in Iran’s largest banks, marking one of the largest breaches in the country’s history.
Anonymous activists, mocking the regime, also posted notes on ATM machines saying, “Dear customers, it is not possible to withdraw money from the bank because all of Iran’s budget and national resources have been invested in the war for the benefit of the corrupt regime of the Islamic Republic.”
In May 2020, Israel reportedly launched a retaliatory cyberattack on Shahid Raja’i port in Bandar Abbas, Iran, following an Iranian attempt to disrupt Israel’s water infrastructure.
According to reports, Iran’s April 2020 attack targeted multiple points across Israel, causing irregularities in water systems, including a temporary failure of a water pump. The attack raised concerns over the possibility of a disaster if chemicals, such as chlorine, had been mixed incorrectly.
Despite its cyber capabilities, Iran remains highly vulnerable to external cyber offensives, if recent reports are to judge, particularly in its civilian and energy sectors.