Iranian telecommunications infrastructure experienced the largest cyber attack in the country’s history on the eve of its failed Zafar satellite launch, a government minister has said.
Data shows Iran’s telecommunications network experienced a significant disruption on the morning of February 8, affecting much of the country’s telecommunications network, leaving many people without internet or mobile phone services.
Hamid Fatahi, the Deputy Minister of Information and Communication Technology, said the attack was a distributed denial of service attack, or DDoS, which involves flooding servers with traffic in order to overwhelm them to the point of shutdown.
“Millions of points of origin, millions of destinations have been targeted,” he said on Twitter.
With several of Iran’s leading network operators implicated in the shutdown, national connectivity fell to a low point of 75 per cent of its ordinary levels, said NetBlocks, a non-government organisation that tracks internet usage in realtime.
Some networks were partially recovered within one hour, but NetBlocks noted other networks remained offline for up to seven hours.
Sadjad Bonabi, an official with Iran’s ICT Ministry, also confirmed a DDoS attack took place on Saturday, stating the attack was repelled by Iran’s cybersecurity defence programme dubbed Digital Fortress, or Dajfa in Farsi.
The Dajfa programme is designed to repel cybersecurity attacks against Iran and protect the country’s information infrastructure.
"The attack's sources and destinations were highly distributed," Mr Bonabi told The Financial Tribune, an English-language newspaper based in Iran. He said the attackers' origins had been falsified, or "spoofed", to appear to originate in East Asia and North America. He also said Dajfa had yet to detect signs of state involvement in the attack.
The challenge of verifying the actors behind a cybersecurity attack is precisely why they are an effective and increasingly used tool in modern warfare. A 2019 report published by the US National Security Agency and the UK National Cyber Security Centre noted that well-resourced Russian hackers were suspected of hijacking Iranian infrastructure to conduct operations that would be traced back to Iran, rather than Russia.
Iran has faced an increasing number of cyberattacks. The Dejfa programme was previously activated in December 2019 due to attacks on Iranian government servers, which occurred only days after a cyberattack on the country's electronic infrastructure.
But Iran also has high capabilities when it comes to cyberwarfare and it has been accused of launching many of its own offensive cyberattacks, most recently by the US after the killing of Maj Gen Qassem Suleimani, the leader of Iran's elite Quds Force.
The best-known cyber attack against Iran occurred when malware known as Stuxnet infected its nuclear enrichment system in 2010. The US and Israel are believed to have been behind that attack, although neither country has ever acknowledged responsibility.
Saturday’s DDoS attack occurred one day before Iran failed to launch its Zafar observation satellite into orbit. In response to the failed launch, the Iranian Minister of Information and Communications Technology Mohammad Javad Azari-Jahromi said: “I wanted to make you happy with good news but sometimes life does not go the way we want it to.”