Iran Suspected in Worldwide Cyberattacks

‘Unprecedented’ cyberattacks targeting Western governments and organizations have been traced to hackers in the Islamic Republic.

FireEye, a California cybersecurity and intelligence firm, released a report on January 9 linking Iran to a pattern of cyberattacks dating back to 2017. These attacks targeted nations in North America, Europe, North Africa and the Middle East. The report states, “This campaign has targeted victims across the globe on an almost unprecedented scale, with a high degree of success.”

This series of attacks, occurring from January 2017 up to the present, targeted telecommunications organizations and Internet infrastructure entities, commercial businesses handling sensitive information, and even government bodies. The hackers accessed sensitive information belonging to the organizations, as well as personal information belonging to individuals registered with these organizations. The FireEye report stated:

Preliminary technical evidence allows us to assess with moderate confidence that this activity is conducted by persons based in Iran and that the activity aligns with Iranian government interests.

  • FireEye Intelligence identified access from Iranian IPs to machines used to intercept, record and forward network traffic. While geolocation of an IP address is a weak indicator, these IP addresses were previously observed during the response to an intrusion attributed to Iranian cyberespionage actors.
  • The entities targeted by this group include Middle Eastern governments whose confidential information would be of interest to the Iranian government and have relatively little financial value.

Cyberattacks across the world have increased dramatically in the past decade. According to the Financial Times, the global number of cybersecurity incidents that occurred in 2009 was less than 5 million. By 2015, that number had jumped to nearly 60 million. It is clear that this is a new and growing field of battle and a chief point of concern for vulnerable governments and other organizations.

A 2016 World Economic Forum article listed the world’s most prominent “cyber superpowers,” which included China, Israel, Russia, the United Kingdom and the United States. Although Iran did not make the list, the article did specifically point out that “Iran is rapidly developing its cybercapabilities and is thought to be behind several major attacks in the [Middle Eastern] region.”

Iran has a history of using cyberwarfare to achieve its goals. In August 2012, an attack was carried out by an Iranian group known as Cutting Sword of Justice against Saudi Arabia’s state oil company, Saudi Aramco. The company lost 30,000 of its 40,000 computers, and sensitive information was stolen. Saudi Aramco nearly collapsed as a result. Data from 75 percent of Aramco’s computers was completely wiped.

The attack on Saudi Aramco was reportedly conducted by the Iranian group as retaliation for Saudi Arabia’s actions in Syria, Bahrain, Yemen, Lebanon and Egypt, many of which have attempted to contain Iran’s expansion of power.

This was the first significant use of malware to attack an organization for political and social aims, and it showed that traditional antivirus software was not enough to protect against such advanced cyberattacks.

More recently, since 2017, Iran has been linked to a cyber influence operation that has targeted groups in the U.S., Europe, Latin America and the Middle East.

This operation involved fabricated news sites and fake social media accounts that promote agendas and policies favorable to Iran, such as the Joint Comprehensive Plan of Action nuclear agreement, pro-Palestinian news stories, and anti-Israel sentiments. These false sites set up by Iran posed as Western left-leaning news organizations.

Besides pushing liberal agendas to further Iran’s purposes, this attack also involved stealing personal information from individuals who registered at the false news websites.

Iran’s history of cyberattacks, highlighted by this most recent incident, ties in with Bible prophecies. Daniel 11:40 describes a “king of the south” (radical Islam, led by Iran) pushing against a “king of the north” (united Europe, led by Germany). For information on these world players, request The King of the South and Germany and the Holy Roman Empire.

These cyberattacks, which have targeted some European nations and organizations, could contribute to Iran’s push against Europe. They demonstrate Iran’s emboldened behavior and aggressive foreign policy.

Even more specifically, these attacks could point toward the formation of the Psalm 83 alliance. This psalm lists a group of nations allied with Assur (modern Germany). Included in this alliance are “the Ishmaelites,” who comprise modern-day Saudi Arabia and its smaller Gulf neighbors. Saudi Arabia has been on the receiving end of devastating cyberattacks from Iran, including the 2012 Saudi Aramco incident. No doubt, this latest attack from Iran targeted its greatest regional rival.

Saudi Arabia and its Gulf neighbors are prophesied to ally with the German-led king of the north, and these attacks could push the kingdom to rely on European help to bolster its cybersecurity.

In the coming months and years, watch for Iran to continue its bold, pushy attacks against Europe and Europe’s Middle Eastern allies—not only militarily and through terror proxies, but also in cyberspace. For more information, request your free copy of The King of the South.