Iranian hackers wage cyber campaign amid tensions with US

Iran has increased its offensive cyberattacks against the U.S. government and critical infrastructure as tensions have grown between the two nations, cybersecurity firms say.

In recent weeks, hackers believed to be working for the Iranian government have targeted U.S. government agencies, as well as sectors of the economy, including oil and gas, sending waves of spear-phishing emails, according to representatives of cybersecurity companies CrowdStrike and FireEye, which regularly track such activity.

It was not known if any of the hackers managed to gain access to the targeted networks with the emails, which typically mimic legitimate emails but contain malicious software.

The cyber offensive is the latest chapter in the U.S. and Iran’s ongoing cyber operations targeting the other, with this recent sharp increase in attacks occurring after the Trump administration imposed sanctions on the Iranian petrochemical sector this month.

Tensions have escalated since the U.S. withdrew from the 2015 nuclear deal with Iran last year and began a policy of “maximum pressure.” Iran has since been hit by multiple rounds of sanctions. Tensions spiked this past week after Iran shot down an unmanned U.S. drone — an incident that nearly led to a U.S. military strike against Iran on Thursday evening.

Iran has long targeted the U.S. oil and gas sectors and other critical infrastructure, but those efforts dropped significantly after the nuclear agreement was signed. After President Trump withdrew the U.S. from the deal in May 2018, cyber experts said they have seen an increase in Iranian hacking efforts.

Mr. Trump said the U.S. military was “cocked and loaded” to retaliate against Iran on three different sites Thursday night, but called off the operation after learning 150 people would likely die from the strike. Mr. Trump, explaining his decision on Twitter, said the response would have been “not proportionate to shooting down an unmanned drone.” 

Yahoo News reported Friday that U.S. Cyber Command launched a retaliatory digital strike against an Iranian spy group on Thursday.

The U.S. has had a contentious cyber history with Iran.

In 2010, the so-called Stuxnet virus disrupted the operation of thousands of centrifuges at a uranium enrichment facility in Iran. Iran accused the U.S. and Israel of trying to undermine its nuclear program through covert operations.

Iran has also shown a willingness to conduct destructive campaigns. Iranian hackers in 2012 launched an attack against state-owned oil company Saudi Aramco, releasing a virus that erased data on 30,000 computers and left an image of a burning American flag on screens.

In 2016, the U.S. indicted Iranian hackers for a series of punishing cyberattacks on U.S. banks and a small dam outside of New York City.

U.S. Cyber Command refused to comment on the latest Iranian activity. “As a matter of policy and for operational security, we do not discuss cyberspace operations, intelligence or planning,” Pentagon spokeswoman Heather Babb said in a statement. The White House did not respond to a request for comment.