Iran's cyber conflict with Israel has reached global proportions, with cyberattacks against businesses and government agencies on other continents causing arguably as much ruckus as those in Israel itself.
While US military bases and international shipping routes are peppered by its proxy terrorist outfits - most notably, the dernier cri Houthis - Iran's cyber threat cloud has been spreading its attacks into the US and Europe, against targets perceived to be aligned with its bête noire.
Among the latest victims of this Phase 3 pressure offensive: an Albanian government organization and Iran's military guard itself.

The Latest in Iran's Global Cyber Offensive

The most recent known case occurred on Feb. 1.
Claiming the attack for itself, it described the event as more extortion than denial-of-service, with more than 100 terabytes of population and geographic information system data copied and then deleted from the organization's servers.
As Microsoft noted in its report, Homeland Justice has previously targeted Albania, alongside other countries perceived to be in support of Israel.
Not one day after Albania's statistics snafu, Iran's cyberattack net once again reached US shores, when the Department of the Treasury's Office of Foreign Assets Control sanctioned six officials with the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command.
The action follows a December intrusion into Vision Series programmable logic controllers, developed by the Israeli-American company Unitronics, and utilized in both countries' critical infrastructure.
As OFAC noted in its press release, IRGC-CEC's latest high-profile industrial attacks were far from its first or only against the US, Israel, and Europe.
Though it might at first seem short-sighted for Iran to unnecessarily drag the US into a cyber conflict, the Insikt analyst suggests that it could be a well-calculated risk.

The Three Phases of the Conflict

According to Microsoft, Iran's pseudo-cyber war against Israel can be split into three distinct phases.
Phase 1, during the initial days following the Oct. 7 Hamas terrorist attack, was rather amateurish, the report claims.
Phase 2, beginning in mid-to-late October, ratcheted up the volume.
The number of groups working actively against Israel rose from nine to at least fourteen.
Iran conducted ten cyber-enabled influence operations in that month alone, alongside more coordinated and destructive campaigns.
Still, much of the winnings from its most successful campaigns were overstated.
In Phase 3 the attacks have become even more honed, utilizing more advanced tactics, techniques, and procedures, targeting more significant businesses and critical infrastructure operators, and weaving in more effective messaging aimed at undermining Israeli morale and pressuring Israel's allies.
If recent months are anything to go by, we won't know until it happens what the next Iranian cyberattack will look like.
This Cyber News was published on www.darkreading.com. Publication date: Thu, 08 Feb 2024 17:15:08 +0000