Iran 'giving Hezbollah cyber training' as it embraces digital warfare

UK think tank says Iran has expanded its cyber presence

Reflection of male hacker coding working hackathon at laptop
Powered by automated translation

Iran's leadership has embraced cyber operations and provided training to its ally Hezbollah, a think tank said.

A report by the International Institute for Strategic Studies said Iran sees itself as being in an “intelligence and cyber war” with its rivals.

It said Tehran has expanded its cyber capabilities since the Stuxnet attack on its nuclear programme more than a decade ago, thought to be the work of the US and Israel.

Iran’s desire to quell domestic opposition has intensified its use of cyber surveillance tools.

But Tehran probably lacks the ability to carry out high-intensity, “warfare-grade” cyber attacks, the report said.

The warning comes after German intelligence said that Iran had carried out cyber attacks which hit targets in Europe and the US.

In one case uncovered in Berlin, Iran was blamed for a cyber-attack on German companies in which employees were duped into installing malware.

European intelligence officials fear that Iran is seeking the technical know-how required to develop nuclear weapons.

The Stuxnet breach occurred when Iran had few domestic experts on cyber security and limited access to foreign expertise.

Since then, Iran “has become a determined cyber actor against US, Gulf Arab and Israeli interests”, the IISS report said.

It said some of Iran’s operations in the West appeared to be speculative efforts at data theft.

Iranian operatives are also suspected of meddling in politics, for example by encouraging the push for Scottish independence in order to weaken the UK.

Regional power 

Tehran’s efforts in the West were undermined by the fact that they appeared to be easily detected and attributed to Iran, the IISS said.

But Iran was described as a significant regional cyber power which has carried out “disruptive and destructive” attacks on infrastructure.

Tehran is believed to have provided “cyber tools and training” to Hezbollah, its ally in Lebanon.

Iran has deployed offensive cyber for diverse goals and against a range of targets worldwide

Iran was described as being more tolerant than many countries of “patriotic hackers” who carry out cyber operations without formal direction from the authorities.

One such group is the Iranian Cyber Army, a collection of hackers thought to have links to the Islamic Revolutionary Guard Corps.

The hackers are thought to be loyal to Iran's supreme leader Ayatollah Ali Khamenei.

Domestic dissidents are believed to be a priority target for cyber operations in Iran.

Iran's efforts to monitor domestic foes have "dovetailed with the government’s desire to counter external threats", the report said.

“Iran has deployed offensive cyber for diverse goals and against a range of targets worldwide,” researchers said.

“Its cumulative experience now represents a relatively high level of operational maturity, with the regime’s embrace of cyber operations firmly established as a useful instrument of national power.”

(FILES) -- An Iranian security man stands next to journalists outside the reactor building at the Russian-built Bushehr nuclear power plant in southern Iran on August 21, 2010. The Stuxnet computer worm has infected 30,000 computers in Iran but has failed to "cause serious damage," Iranian officials were quoted as saying on September 26, 2010. A German computer security researcher suspected Stuxnet's target was the Bushehr nuclear facility in Iran, where unspecified problems have been blamed for getting the facility fully operational. AFP PHOTO/ATTA KENARE
Iran upgraded its cyber strength after its nuclear programme was hit by the Stuxnet virus. AFP 

Cyber survey 

The IISS report assessed the cyber capabilities of 15 countries, including the UK, US, Russia and North Korea.

It described the US as the world’s leading cyber power, although more politically and legally constrained than some of its rivals.

The UK was regarded as possessing a high-quality cyber intelligence capability and benefiting from its close partnership with Washington.

The US and UK are part of the Five Eyes intelligence alliance with Australia, Canada and New Zealand.

Britain has ambitions to be one of the world's leading democratic cyber powers, according to its recent defence and foreign policy review.

It says it will use offensive tools under the control of its National Cyber Force to deter threats.

The report said Russia saw cyber operations as part of a wider "information war" in its confrontation with the West.

Moscow was blamed for the SolarWinds attack on the US federal government which came to light last year.

Nato leaders said at a summit this month that a cyber attack could trigger the alliance's mutual defence guarantee, known as Article 5.

A significant cyber attack "might, in certain circumstances, be considered as amounting to an armed attack", they said.