The US Department of Homeland Security has sounded the alarm on a possible uptick in Iranian cyberattacks against U.S. government and civilian targets, in the wake of recent airstrikes that killed General Qassem Soleimani, the head of Iran’s elite Quds Force.
In a January post on Twitter, Chris Krebs, head of the department’s Cybersecurity and Infrastructure Security Agency (CISA), urged U.S. cybersecurity officials to be vigilant for new network attacks and security breaches by Iranian forces.
“Given recent developments, re-upping our statement from the summer,” Krebs wrote in the 2 January Twitter post. “Bottom line: time to brush up on Iranian TTPs [tactics, techniques, and procedures] and pay close attention to your critical systems, particularly [Industrial Control Systems].”
Potential targets include manufacturing facilities, oil and gas plants, and transit systems.
Robert M. Lee, chief executive of Dragos Inc., which specializes in industrial control system security, said Iranian hackers have been very aggressive in trying to gain access to utilities, factories, and oil and gas facilities. That doesn’t mean they’ve succeeded, however. In one case in 2013, they did break into the control system of a US dam, garnering significant media attention.
Elissa Slotkin, who formerly worked as a CIA analyst and served three tours in Iraq focused on Iran-backed militias, also strongly warned of the potential for attacks on the U.S.
“The Iranian government has vowed to retaliate and avenge Soleimani’s death, and could do so in any number of ways: against our diplomats and service members or high-ranking military officers, against our allies and partners in the region, or through targeted attacks in the Western world,” Slotkin said in a statement. “It is critical that the Administration has thought out the moves and counter-moves this attack will precipitate.”
How strong is Iran’s defence system?
Iran ramped up its cyber-space capability after a massive cyber-attack on Iranian nuclear facilities in 2010.
It is suspected that the Islamic Revolutionary Guards Corps (IRGC) has its own cyber-command focused on commercial and military espionage.