Expert Warns: Cyberattacks Against Iran Likely To Continue

Miniatures of people with computers are seen in front of binary codes and words 'Cyber attack' in this illustration taken July 19, 2023.

A cybersecurity specialist asserts that the Iranian regime will continue facing increasing cyberattacks due to “structural defects” in their cyber defense systems.

Amin Sabeti told Iran International that digital security cannot rely solely on slogans and rhetoric, predicting further large-scale cyberattacks against Iranian targets.

The latest episode in a long series of cyberattacks over the past few years was a major hack of parliament’s servers that brought to light troves of documents, including the real income of lawmakers and US sanctions evasions.

He further stated that many projects aimed at developing what the regime terms “domestic services” have failed due to their reliance on corrupt connections and nepotism rather than meritocracy and expertise.

According to Sabeti, both public and private organizations in Iran do not take information security audits seriously. He emphasized that severing ties with the global internet cannot guarantee cybersecurity, highlighting the inefficacy of the regime’s costly “national internet” project.

Cybersecurity specialist Amin Sabeti

Meanwhile, an Iranian lawmaker acknowledged the country's vulnerability to cyberattacks due to structural weaknesses in its cyberspace control. Shahriar Heydari, deputy chairman of the National Security and Foreign Policy Commission of the Iranian parliament, stated that the National Organization for Passive Defense and the Intelligence Ministry should be held accountable for recent cyberattacks against Iran.

“Cyberspace is a war of information. Every country needs to secure its systems against hacking and data theft,” Heydari stressed.

His remarks came two days after a cyberattack targeted over 600 Iranian government servers, including the Khaneh Mellat News Agency, the Iranian parliament’s media arm. Hacktivist group Uprising till Overthrow, closely linked with the Albania-based opposition Mujahideen-e Khalq (MEK) organization, claimed responsibility for the attack.

Heydari accused MEK of attempting to defame the Iranian parliament ahead of the upcoming parliamentary and Assembly of Experts elections on March 1. Documents leaked following the hack uncovered a wide range of Tehran’s strategies to circumvent US sanctions. The documents revealed the parliament's coordination with designated Iranian entities and individuals to facilitate their trade activities and conceal their identities and connections from international regulatory bodies.

Some other documents were also released by a group calling itself ‘Uprising till Overthrow’, including those related to the high salaries of Iranian lawmakers. Lawmakers have incomes that are at least 20 times more than what an ordinary government employee earns.

In December, a cyberattack paralyzed gas stations across Iran. The hacking group ‘Gonjeshk-e-Darande’ or Predatory Sparrow announced the attack on X, claiming that they took out “a majority of the gas pumps throughout Iran.” Tehran accuses the group of having links to Israel.

According to Heydari, the head of Iran’s Passive Defense Organization was invited to a session of the parliament’s National Security Commission following the December cyberattack.

“Instead of being accountable, he just justified and described the incident. Our problem is that if we invite an organization, the first thing they do is to justify and provide performance statistics, instead of discussing the main issue,” the lawmaker added.

However, the Iranian regime has been involved in sustained cyber operations against different targets around the world, to gain information or disrupt government operations and private companies.

Microsoft disclosed on Wednesday that state-backed hackers from Iran, Russia and China have been leveraging tools developed by Microsoft-backed OpenAI to enhance their cyber espionage capabilities.

Earlier in November, Microsoft’s Threat Analysis Center (MTAC) reported that Iran has intensified its cyberattacks and influence operations since 2020, targeting Israel and other countries. The report also warned that Iran, Russia and China are likely to plan to influence the upcoming elections in the United States and other countries in 2024.

In December 2023, Iran-linked hackers targeted a water facility in the rural area of County Mayo in Ireland, leaving the residents without water for two days. The attack was carried out by the pro-Iran Cyber Av3ngers group, which claimed that the facility was attacked because it used an Israeli-made piece of equipment.

Iran International revealed last month that Iran’s Intelligence Ministry conducts cyberattacks against Israeli civilian targets via a cover tech company. The cyber group ‘Black Shadow’ (“Saye-ye Siah” in Persian), which targeted Ziv Medical Center in the northern Israeli city of Safed in November, is in fact a tech company in Iran.