After Soleimani’s Killing, Will Iran Launch A Cyberattack Against The U.S.?
Qassem Soleimani, head of the Revolutionary Guard Corps (IRGC) Quds Force, was killed on January 3 in a U.S. airstrike, it has been confirmed. International leaders are now calling for restraint as Iran-U.S. tensions escalate.
Indeed, many fear a physical response from Iran after the country’s supreme leader Ayatollah Ali Khamenei warned the U.S. of “harsh retaliation.”
Could part of Iran’s response include a cyberattack? It will be an option, but not initially, says Philip Ingram, MBE, a former colonel in military intelligence. He says a cyberattack is “not aggressive enough” and predicts physical retaliation.
“They will want real blood – in addition Iran is probably more cyber vulnerable than capable but it will play a part of their longer term response, possibly as a voluntary proxy for Russia.”
Soleimani killing: Layers of retaliation
Ingram thinks there will be several layers of retaliation. He wrote in a blog: “The immediate will be to show strength and will probably happen just after the three days of mourning.
“It will be a decisive act to send a clear message to the U.S. that Iran will not stand back and do nothing and is likely to be spectacular in nature.”
He then raises the possibility of “a massive increase in proxy terror using AQ, ISIS and other organizations, often without their direct knowledge, as plausibly deniable outlets targeting terror at the U.S. and its allies across the globe.”
Alongside this, Ingram predicts “greater cooperation with the Russians and increasing activity in the proxy wars across the region including in Yemen.”
CompTIA global faculty member Ian Thornton Trump points out that “Iran is already cyber-attacking; it’s not like they ever stopped.”
He says this could possibly ramp up as the result of the U.S. action. “But I think we need to understand the politics of the situation first. There are a lot of layers to the attack and most of them have a domestic, regional and international aspect.”
“Iran may make a lot of noise and kick off some proxy terrorist operations and cyberattacks. But my belief is the Iranians are not stupid, they don’t want a fight with the four major powers in the region: USA, Iraq, Saudi and Israel.”
Iran and cyber warfare: An interchangeable battlefield tool
As Doffman wrote in July last year, with cyber warfare an interchangeable battlefield tool, an attack in one domain can lead to retaliation in another.
He wrote: “Iran understands that retaliation against the U.S. military in the cyber domain might be akin to throwing rocks at a tank, but it can hit the vast and under-protected U.S. corporate sector at will.”
At the time an Iranian-led hack was targeting millions of unpatched Microsoft Outlook systems. It came weeks after the U.S. Cyber Command hit Iran’s command and control structure in the aftermath of the downing of a U.S. surveillance drone.
Iran has already been known to target commercial and industrial firms to great effect. Cybersecurity firm FireEye says it is “anticipating an elevated threat” from Iranian actors following the airstrike on Qassem Soleimani.
The company predicts “an uptick in espionage, primarily focused on government systems, as Iranian actors seek to gather intelligence and better understand the dynamic geopolitical environment.”
Iranian attacks against the private sector
FireEye also anticipates disruptive and destructive cyberattacks against the private sector. “Prior to JCPOA, Iran carried out such attacks against the U.S. financial sector as well as other businesses and probed other critical infrastructure,” says John Hultquist, director of intelligence analysis, FireEye.
“Since the agreement and despite the erosion of relations between Iran and the US, Iran has restrained similar activity to the Middle East. In light of these developments, resolve to target the U.S. private sector could supplant previous restraint.”
Iran often boasts about its own cyber-capabilities to intimidate its enemies. Last month, I reported that Iran was claiming to have thwarted a cyberattack on government servers, just days after allegedly foiling another cyber assault on its electronic infrastructure.
But last month, it emerged that Iranian hackers are also targeting critical infrastructure: industrial control systems used by power grids, manufacturing and oil refineries.