Skip to main content

Iran to retaliate for Suleimani’s killing with disruptive and destructive attacks

(Image credit: FireEye)

Iran’s retaliation for the US’ targeted killing of its top general Qassem Suleimani will likely involve destructive attacks, apart from the real-world attacks, warns a cybersecurity expert.

Iranian hackers have claimed responsibility for defacing the websites of Sierra Leone Commerical Bank and the US Federal Depository Library Program, immediately after the assassination. The websites were taken offline as soon as the breach was noticed.

With tensions mounting and Iran threatening “severe revenge” over the killing, Alister Shepherd, Middle East and Africa director for Mandiant at FireEye, told TechRadar Middle East that concerns have arisen that the blowback could come in the form of hacking attacks on critical infrastructure sectors, especially energy, oil and gas sectors.

 Shepherd said that the primary focus on the oil and gas sector by the hackers is that it will have a big impact publicly and partially due to the sanctions.

 Moreover, he said that Iran targets Saudi Arabia and regional oil and gas industries but it [Iran] is finding it difficult to have the same impact it did in 2012 and 2013.

 “It just doesn’t need to be only these sectors as we have also seen Iran state-sponsored hackers targeting wider sectors such as telecoms and finance also,” he said.

In response to earlier US sanctions, Iran had carried a series of denial-of-service attacks (DDoS) in 2012 and 2013 to take down the websites of Bank of America, New York Stock Exchange and Nasdaq.

They even wiped out the servers of Sands Casino in Las Vegas, two years later.

 State-sponsored or advanced persistent threat (APT) groups such as APT33, APT34, APT35 and APT39 are from Iran and their victims' span every sector and extended well beyond regional conflicts in the Middle East.

 In 2012, Iranian malware is known as Shamoon 1 reportedly destroyed thousands of computers at Saudi Aramco and Qatar’s RasGas. Shamoon 2 made similar attacks in 2016 and 2017 while Shamoon 3 made a new wave of attacks against targets in the Middle East oil and gas plants in December 2018.

“We know their capacity to conduct impactful attacks is more limited now and we haven’t seen recent attacks on the scale of Shamoon1, Shamoon2 and Shamoon3 malware attacks from 2012 onwards. Iran has continued to develop its capabilities after Shammon such as Deadwood, Shapeshift and ZeroCleare but the developments have been incremental, whilst governments and private sector entities have improved their defences,” Shepherd said.

Throughout 2019, he said that Iran has been conducting real-world attacks and cyberattacks due to imposing of new sanctions in November 2018 and the US pulling out of the Joint Comprehensive Plan of Action (JCPOA), also known as ‘Iran nuclear deal’, created in 2015.

 “We can expect a significant response to the assassination of Suleimani and see Iran attempting disruptive and destructive attacks at its disposal by using all resources, mainly aimed at the US and its allies in the Middle East,” he said.

 “We could probably see an uptick in espionage as Iranian hackers seek to gather intelligence and better understand the dynamic geopolitical environment and create large networks of inauthentic news sites designed to amplify pro-Iran propaganda globally and discredit rivals, including the US,” he said.