On 3 January, the United States assassinated senior Iranian military official Qasem Soleimani in Iraq. For about two decades, he headed the Islamic Revolutionary Guards Corps’s Quds Force, which oversees military and clandestine operations abroad. He was widely viewed as the second most important person in Iran after the Supreme Leader Ayatollah Ali Khamenei. His assassination has brought the already tense relationship between the United States and Iran to its lowest point in decades. The Iranian leadership has promised to take revenge for Soleimani’s killing. This article primarily looks at the future landscape of US-Iran hostilities in the cyber domain following the killing of the Iranian major general.
The history of cyber hostilities between Iran and the US can be traced back to the Stuxnet attack, a joint US-Israel cyber operation that targeted Iran’s nuclear enrichment centre in Natanz and caused the self-destruction of about 1,000 centrifuges. Since then, Iran has been developing its capabilities in the cyber domain and has gone on to launch periodic cyber operations against the United States. According to the Council on Foreign Relations’ Cyber Operations Tracker, the two countries have between them been responsible for launching at least 27 state-sponsored cyber incidents on each other. Seven of these incidents were initiated by the United States, whereas Iran was responsible for 20.
Experts believe that cyber operations can be part of Iran’s long-term response plan. This is because Iran is itself more cyber vulnerable than capable and will not take the chance of facing physical retaliation for launching a cyber-attack. Moreover, cyber-attacks are low-profile events because of their unseen nature, and verifying and attributing them is difficult and time-consuming. While the timing of cyber operations can vary, it is easy to conclude that Iranian leaders will not view these operations as a substitute for a physical military response.
While very limited information is publicly available about Iran’s cyberwarfare capabilities, they are no match for America’s offensive cyber capabilities. Moreover, experts are not clear whether Iranian threat actors possess the ability to intrude into and target American critical infrastructure. In the past, Iranian hackers were held responsible for targeting several American banks and a small dam outside New York.
There is a strong possibility that any cyber response from Iran might target the American private sector, an area which largely remained a target of Iranian threat actors prior to the signing of the Iran nuclear agreement in 2015. Soleimani’s killing might reignite the resolve to target America’s non-governmental sector. The prominent targets are likely to be health, financial services, and social media firms. Attacks on these targets will not only grab the international media spotlight but also cause massive reputational costs for the firms and generate privacy and data protection concerns among their users. On the other hand, the prospects of Iranian threat actors targeting American critical infrastructure remain limited due to fear of retaliation, either in the cyber or the physical domain.
The most likely cyber-attack to be deployed by Iranian threat actors will be wipers (a type of malware that wipes out all information stored on hard drives). Wipers like Shamoon and StoneDrill have been used by Iranian hackers to hit mostly private-sector targets in Gulf countries. Apart from the 2014 Las Vegas Sands Corporation incident, Iranian threat actors have largely refrained from launching wipers on targets in the United States. However, this could change following the assassination of the Iranian military general. Meanwhile, Iranian hacking groups are also reportedly attempting to intrude into several American organisations, including the Department of Energy and US National Labs.
In the coming days and weeks, Iranian threat actors are likely to launch several cyber operations against US interests in response to Soleimani’s killing. These operations will be part of a combination of responses carried out in both the physical and cyber domains. The primary motivation behind these attacks will be public disruption rather than financial harm, while also ensuring that they do not trigger retaliation. Meanwhile, the US response to these operations will be offensive but below the threshold of a broader conflict.