Sizing Up Impact of US Cyberattack Against Iran
New York Times: Database Used to Plot Attacks on Oil Tankers Wiped Out
The United States' June cyberattack against Iran wiped out a critical database used by the nation's paramilitary arm to plan attacks against oil tankers and at least temporarily degraded Iran's ability to covertly target Persian Gulf shipping traffic, the New York Times reports, citing unnamed "senior American officials."
The attack, which took place on June 20, targeted a database used in various operations by the intelligence division of the Islamic Revolutionary Guards Corps, which is Iran's main paramilitary force, according to the Times. Iranian officials are still working to recover data and restart some systems more than two months after the attack took place, the newspaper reports.
In May and June, Iran stepped up attacks against ships near its territorial waters, including mines that damaged Japanese and Norwegian vessels. But no tankers have been targeted in significant covert attacks since the June 20 cyber operation, although Iran seized a British tanker in retaliation for the detention of one of its own vessels, the Times reports, citing an unnamed senior U.S. official.
The Times reports that the Trump administration saw the cyberattack as a proportional response to Iran shooting down an unmanned U.S. drone earlier this year.
Increasing Cyber Tensions
The June 20 attack was a critical component of an undeclared cyber conflict between the U.S. and Iran, senior officials told the Times, and it went forward even after President Trump called off a retaliatory airstrike the day after Iran shot down a U.S. drone.
Tom Kellermann, chief cybersecurity officer for Carbon Black and a former government cybersecurity adviser, says that the U.S. has cyber conflicts with other nation-states, including Russia, North Korea and China, but the tensions with Iran have intensified since the U.S. ended its nuclear agreement with the country and imposed new economic sanctions.
"There is a covert cyber conflict," Kellermann tells Information Security Media Group. "As a direct response to economic sanctions, Iran began attacking the U.S. with an 'A' team many months ago, and now it is evident that the U.S. is responding with persistent engagement. Geopolitical tension manifests in cyberspace."
In June, the U.S. Department of Homeland Security sent out an alert warning that Iran had increased its malicious cyber activity against the U.S., including so-called "wiper" attacks that render computers unusable (see: DHS: Conflict With Iran Could Spur 'Wiper' Attacks).
A few weeks later, U.S. Cyber Command issued a warning that attackers may try to exploit an older vulnerability in Microsoft Outlook to plant remote access Trojans or other types of malware within government networks. Some security experts suspect this activity is tied to an advanced persistent threat group known as APT33, which has ties to Iranian intelligence (see: US Cyber Command Warns of Outlook Vulnerability Exploits).
As a counter to some of this cyber activity, the Times reports that Cyber Command has stepped up its operations with the help of new congressional authority and an executive order giving the U.S. Defense Department more leeway to plan these types of operations.