Foreign Affairs

Cyber Attacks Are a Likely Method of Iranian Retaliation Against the U.S.

National security experts believe that Iran’s retaliation for the targeted U.S. attack that killed its top general will likely include cyberattacks. Iran’s state-backed hackers are already among the world’s most aggressive and could inject malware that triggers major disruptions to the U.S. public and private sectors.

Potential targets include manufacturing facilities, oil and gas plants, and transit systems. A top U.S. cybersecurity official is warning businesses and government agencies to be extra vigilant.


Such cyberattacks by Iran are not unprecedented. In 2012 and 2013, in response to U.S. sanctions, Iranian state-backed hackers carried out a series of disruptive “denial-of-service” attacks that knocked offline the websites of major U.S. banks, including Bank of America, as well as those of the New York Stock Exchange and NASDAQ. Two years later, they wiped servers at the Sands Casino in Las Vegas, crippling hotel and gambling operations.

The disruptive hacks on U.S. targets eased when Tehran entered into the now-defunct nuclear deal with the Obama administration in 2015. Now, in the aftermath of the killing of Gen. Qassem Soleimani and with the nuclear deal scrapped, it is highly probable that such attacks will resume.

“Our concern is essentially that things are going to go back to the way they were before the agreement,” said John Hultquist, director of intelligence analysis at the cybersecurity firm FireEye. “There are opportunities for them to cause real disruption and destruction.”

Iran has been doing a lot of probing of critical U.S. industrial systems in recent years — trying to gain access — but has limited its destructive attacks to targets in the Middle East, experts say. It’s not known whether Iranian cyber agents have planted destructive payloads in U.S. infrastructure that could now be triggered.

“It’s certainly possible,” Hultquist said. “But we haven’t actually seen it.”

While there is reason for concern, especially since Iran has been increasing its cyberattack capabilities, the experts agree that its ability to conduct such an assault on U.S. targets “is not in the same league as China or Russia.”

Still, cybersecurity experts say the threat should not be taken lightly. Iran is widely believed to have been behind a devastating 2012 attack on Aramco, the Saudi oil company. That attack is said to have wiped the data from more than 30,000 computers.

After Soleimani’s death was announced, the top cybersecurity official at the Department of Homeland Security, Christopher Krebs, urged companies and government agencies to refresh their knowledge of Iranian state-backed hackers’ past exploits and methods. “Pay close attention to your critical systems,” he tweeted.

In June, Krebs warned of a rise in malicious Iranian cyber activity, particularly attacks using common methods like spear-phishing that could erase entire networks: “What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network.”

2 Comments on this post.
  • Djea3
    7 January 2020 at 8:30 pm

    This is EXCELLENT news because ALL cyber attacks leave indelible footprints. This means that WHEN (not if) Iran decides to make such an attack it will be considered a terrorist attack (already defined globally as terrorism) and we will retaliate instantly upon verification of origin.
    The real question is if someone else has the capability to make it look like Iran did that. Then things could be messy. Either way Iran needs to lay down its sword instead of rattling it and inciting its people to war.

  • Tommyboy
    8 January 2020 at 8:20 pm

    What’s your next fear? Please stop the bullshit. You are losing credibility. PS I heard that Iran is going to melt our ice cream and flood the market with stale chewing gum. PS I’m losing sleep.
