Large cyberattack emanated from Iran days after Trump sanctions - watchdogs

Members of the Islamic Revolutionary Guard Corps seated in front of keyboards
Members of the Islamic Revolutionary Guard Corps seated in front of keyboards

A vast cyberattack mostly emanating from Iran was launched days after US President Trump unveiled his "maximum pressure" campaign of sanctions on the country, two internet security watchdogs cited by news site Cybersecurity Dive reported on Monday.

30,000 hacked security cameras and network video recorders have been deployed to carry out direct denial of service (DDoS) attacks on gaming platforms and telecom providers, the publication cited security researchers Nokia Deepfield and GreyNoise as saying.

Over 60% of the more than 1,000 observed IP addresses linked to the attack have been traced to Iran, GreyNoise said, noting that the attack came days after Trump reimposed the stepped-up sanctions on Iran from his first term.

The watchdogs did not ascribe any responsibility for the operation to Tehran.

“Its size is exceptional among non-state actor botnets, making it one of the largest known DDoS botnet campaigns observed since the invasion of Ukraine in February 2022,” security researcher Jerome Meyer at Nokia Deepfield wrote.

Meyer described the attack, dubbed Eleven11bot, as “one of the largest known DDoS botnet campaigns observed since the invasion of Ukraine in February 2022.”

US law enforcement officials accused Iran of seeking to meddle in the presidential election last year and have accused Iran's Islamic Revolutionary Guard Corps - an elite paramilitary body - of being behind Tehran's cyber operations.

Iranian operatives reportedly hacked the emails of Roger Stone, a longtime Trump adviser, and attempted to infiltrate the Kamala Harris campaign.

Meta alleged it had detected similar efforts on its WhatsApp messaging platform targeting both political campaigns.