Iranian hackers are poised to pursue targets including U.S. infrastructure if and when tensions worsen between Washington and Tehran, experts warn in a new report.
“The United States is reliant on an inadequately guarded cyberspace and should anticipate that future conflicts, online or offline, could trigger cyber attacks on U.S. infrastructure,” according to report involving Iran’s cyber capabilities published by the Carnegie International Endowment for Peace, a foreign-policy think tank with offices in D.C. and abroad.
“The first priority should be to extend efforts to protect infrastructure and the public, including increased collaboration with regional partners and nongovernmental organizations targeted by Iran,” the report said.
The U.S. and Iraq have been credited with waging successful cyberattacks against one another for years, ranging from the Stuxnet worm that disrupted Tehran’s nuclear program during the Obama administration, to a recently revealed espionage operation that targeted U.S. aviation and energy companies, among other victims.
But while Washington’s cyber abilities are widely regarded as head and shoulders above Tehran’s, the authors of the new Carnegie report released Thursday warn that worsening tensions between nations risk provoking state-sponsored hackers to unleash comparably unsophisticated but persistent campaigns potentially capable of compromising U.S. targets.
“Renewed hostilities between Iran and the United States could be expected to involve the targeting of vulnerable economic, civilian, and governmental services,” the authors wrote.
“Under current perceptions of Iranian offensive cyber capabilities, it is unclear that it would be prepared and able to launch attacks against the power grid or industrial control systems,” the report said. “Instead, attacks would follow the path of least resistance — targeting state and local governments rather than federal infrastructure, or unprepared sectors that have not been previously targeted such as transportation and logistics rather than the financial services.”
Despite lacking in sophistication, however, the report recalls that even an elementary cyberattack can result in wide-ranging repercussions, evidenced most notably during the 2016 U.S. presidential race when hackers breached the personal email account of John Podesta, Democratic presidential nominee Hillary Clinton’s campaign manager.
“Some of the most damaging materials used in the operation came via a simple breach of a Gmail account, an opportunity available to anyone,” wrote cybersecurity researcher Collin Anderson and Carnegie senior fellow Karim Sadjadpour.
“Given the level of rudimentary nature of its cyber operations, a purely political or legal response that is focused solely on deterring Iran would be ineffective toward addressing national cybersecurity risks. Any system that can be breached by Iranian groups is equally susceptible to others with similar sets of motivations, notably North Korea and Hamas. An effective policy response to the threats posed by Iran must focus on securing critical infrastructure overall,” their report said.
Russian hackers breached Mr. Podesta’s account and other targets associated with the 2016 race during the course of a state-sponsored interference campaign authorized by President Vladimir Putin, according to U.S. intelligence officials. Security researchers have since linked Russian military intelligence to attempts at infiltrating over 4,700 unique email accounts during the course of that campaign, though Moscow has continued to denied allegations of election meddling.
Iranian hackers, meanwhile, conducted an hourslong cyberattack over the summer in an attempt to breach about 9,000 email accounts associated with dozens of members of U.K. Parliament, including cabinet ministers and Prime Minister Theresa May, among others, British media reported in October. About 90 accounts were breached, including those belonging to roughly 30 members of Parliament, the reports said.