Cyberattack Activity Linked to the Middle East Increases
A new report from information assurance firm NCC Group found that hacktivism related to the Iran War has increased in several ways.
Attacks have increased in terms of volume, geographic scope, and actor diversity, and Iran has been able to maintain effective and adaptable offensive cyber capabilities, according to the report, Middle East Crisis: Cyber Update.
While cyber threats are unlikely to significantly change for groups outside of Iran’s “traditional” targets, the report noted that, “Organizations operating in Israel, or those maintaining commercial or governmental links with the U.S. or Israel, are expected to remain at heightened risk.” However, this may change if other nations become directly or indirectly involved in the conflict.
This elevated risk persists even though Iran disrupted its own connectivity with a near-total Internet blackout roughly three weeks ago in the hope of controlling the flow of information.
Despite this domestic interference, “Iran’s cyber capabilities appear to be degraded but remain operational,” the report said. This is attributed to access established in foreign networks ahead of the blackout, the availability of external infrastructure, and the use of front companies and individuals.
Attacks involving Iranian state-linked threat actors have largely “focused on high-visibility, low-impact operations aimed at shaping perceptions rather than causing meaningful disruption,” the report said. The majority of activity involved Distributed Denial-of-Service (DDoS) attacks, data leak incidents, and website defacements.
The targets of state-linked threat actors, especially from groups linked to Iran’s Ministry of Intelligence and Security, are primarily Israeli government, military, and infrastructure entities. Critical infrastructure and technology sector organizations in nations that have indicated support for Israel or the United States—Australia, Cyprus, Germany, and Jordan—are also targets of the Iranian threat actors.
“The targeting of U.S. technology companies indicates the intent to weaken the perceived adversary’s technological infrastructure. Such attacks are used to send a message to both public and private organizations about their perceived vulnerability in a heightened conflict environment,” the report said.
One of the most significant and well-documented state-linked threat actors is APT34, which often focuses on targets in government, chemical, energy, financial, and telecommunications sectors in the Middle East, Europe, North America, and parts of Asia. “Due to this focus on geopolitical and strategic interests, APT34’s campaigns revolve around long-term access and data collection rather than short-term disruptions,” the report noted.
The group is known to conduct extensive reconnaissance and use social engineering techniques such as spearphishing to harvest credentials and other intelligence.
Although the United States has “the most technically advanced cyber capabilities of any nation state,” the report acknowledges that recent developments—significant reductions at the U.S. Cybersecurity and Infrastructure Security Agency, which is responsible for addressing cyber threats and notifying the public and private sectors about operations—mean the nation’s cyber readiness may be in question.