The government of Iran on Monday insisted a reported U.S. cyberattack carried out in retaliation for Iran shooting down an American drone was completely ineffective.
“They try hard, but have not carried out a successful attack,” claimed information and technology minister Mohammad Javad Azari Jahromi.
The Associated Press on Saturday quoted three U.S. officials who said President Donald Trump approved a cyberattack on Thursday after deciding against a conventional military strike in retaliation for the drone shootdown. The cyberattack plan was allegedly developed after two oil tankers were sabotaged in the Gulf of Oman this month.
The article claimed the U.S. directed its counterattack at computer systems used by Iran’s Islamic Revolutionary Guard Corps (IRGC) to control its rockets and missile launchers. U.S. law has designated the IRGC a foreign terrorist organization. According to Yahoo News, the digital attack more specifically targeted a surveillance operation linked to the IRGC that tracks and targets both military and civilian ships passing through the Strait of Hormuz.
Business Insider noted President Trump has “given significant autonomy to CYBERCOM, the US military’s command for cyber-related operations, and authorized it to conduct offensive attacks against foreign adversaries during his presidency.” According to National Security Advisor John Bolton, CYBERCOM’s “hands are not tied as they were in the Obama administration.”
Vice President Mike Pence and Pentagon officials both declined to state on the record if the U.S. conducted a cyberattack against the IRGC. “I never comment on covert operations,” Pence said on Sunday.
The AP noted Iran has been attempting to hack U.S. government agencies, financial service companies, and the oil and gas industry ever since tough U.S. sanctions against the Iranian oil industry went into effect. The Iranian cyber campaign took the form of a barrage of phishing emails designed to trick targets into revealing passwords and other security information.
“It was not known if any of the hackers managed to gain access to the targeted networks with the emails, which typically mimic legitimate emails but contain malicious software,” the AP reported.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) on Saturday warned U.S. corporations to take extra precautions against Iranian hackers:
CISA is aware of a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies. We will continue to work with our intelligence community and cybersecurity partners to monitor Iranian cyber activity, share information, and take steps to keep America and our allies safe.
Iranian regime actors and proxies are increasingly using destructive ‘wiper’ attacks, looking to do much more than just steal data and money. These efforts are often enabled through common tactics like spear phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network.
In times like these it’s important to make sure you’ve shored up your basic defenses, like using multi-factor authentication, and if you suspect an incident – take it seriously and act quickly. You can find other tips and best practices for staying safe online here.
Iranian telecommunications minister Jahromi on Monday claimed all efforts to penetrate Iran’s computer systems have been deflected.
“The media are asking about the veracity of the alleged cyber attack against Iran. No successful attack has been carried out by them, although they are making a lot of efforts,” he insisted.
The Iranian Foreign Ministry praised the strength of Iran’s cyber defenses and hinted Tehran might pursue international court action against the United States for attempting electronic espionage. The ministry also said Iran would prefer the “defusion of tensions” in the region.