Cyber adjuncts to kinetic strikes in the Middle East.
The US and Iran appear to be seeking de-escalation following the US drone strike against Quds Force commander General Soleimani and Iran's retaliatory rocket barrage against two US bases in Iraq. The New York Times predicts Tehran will now turn its focus to cyber operations.
CISA on Monday released a warning not to underestimate Tehran’s capabilities. In a follow-up to its Director’s tweeted advice to review what Iran’s cyber operators have attempted and accomplished in cyberspace during recent years, the agency singles out four incidents as particularly worthy of study: distributed denial-of-service actions against the US financial sector from late 2011 through mid-2013; unauthorized access to control systems at the Bowman Street Dam in Rye, New York, in August and September of 2013; a data theft and wiper attack against the Sands Las Vegas Corporation in February 2014; and an espionage operation between 2013 and 2017 that the US Justice Department attributed to Iran's Mabna Institute.
CyberScoop reports that the Multi-State Information Sharing and Analysis Center (MS-ISAC) has also warned its members to watch out for Iranian cyberattacks. New York State’s Department of Financial Services has likewise advised banks and other institutions that they may well receive the attentions of Iranian hackers.
A nuisance attack in solidarity with Tehran.
There’s also been one minor attack on a US Government website that would seem to represent the work of either Tehran’s operators or of patriotic hacktivists aligned with Iran. The website of the US Federal Depository Library Program (a GPO site that makes official documents broadly available) was defaced with Iranian messaging, Forbes reports. Forbes characterizes it as a “noisy” attack, which is usually the case with cyber vandalism. The Department of Homeland Security is investigating, and, according to CISA representatives quoted by NBC News, it’s too early for firm attribution: "At this time, there is no confirmation that this was the action of Iranian state-sponsored actors."
As the New York Times points out, the action amounted to picking low-hanging fruit, more target of opportunity than high-value target. The group that claimed responsibility calls itself the “Iran Cyber Security Group Hackers,” but even people disposed to look for the hand of Tehran aren’t immediately concluding that this crew is actually working under the direction of the Islamic Republic. They may amount to nothing more than sympathetic hacktivists.