Since November 2010, an organization called "The Cyber Defense Command" (
Persian: قرارگاه دفاع سایبری; Gharargah-e Defa-e Saiberi) has been operating in Iran under the supervision of the country's "
Passive Civil Defense Organization" (
Persian: سازمان پدافند غیرعامل; Sazeman-e Padafand-e Gheyr-e Amel) which is itself a subdivision of the
Joint Staff of Iranian Armed Forces.[3]
According to a 2014 report by
Institute for National Security Studies, Iran is "one of the most active players in the international cyber arena".[4] In 2013, a
Revolutionary Guards general stated that Iran has "the 4th biggest cyber power among the world's cyber armies."[5][6]
According to a 2021 report by a cyber-security company, "Iran is running two surveillance operations in cyber-space, targeting more than 1,000 dissidents".[7]
NIN
Iranian cyber defense system - digital fortress part of
national information network (national internet) - is developed for thwarting attacks and engaging attackers.[8] In November 2022, the Iranian Majlis Islamic Consultative Assembly recommended a Passive Defence Incorporation.[9]
Attacks against Iran
In June 2010, Iran was the victim of a
cyber-attack when its
nuclear facility in Natanz was infiltrated by the cyber-worm '
Stuxnet'.[10] Reportedly a combined effort by the United States and Israel,[11] Stuxnet destroyed perhaps over 1,000 nuclear centrifuges and, according to a Business Insider article, "[set] Tehran's atomic programme back by at least two years."[12] The worm spread beyond the plant to allegedly infect over 60,000 computers, but the government of Iran indicates it caused no significant damage. Iran crowdsourced solutions to the worm and is purportedly now better positioned in terms of cyber warfare technology.[10] No government has claimed responsibility for the worm.[12] The cyber-worm was also used against
North Korea.[citation needed]
Events
In October 2013, media reported Mojtaba Ahmadi, who served as commander of the "Cyber War Headquarters" was found dead wounded by bullets in
Karaj.[13]
October 2021:
An attack paralyzed gas stations across the country, preventing users from purchasing fuel using state-issued cards and digital billboards displaying antigovernment messages
In September, October and November 2022, Iranian state networks and emails came under attack by
Anonymous and other hacking groups acting in solidarity with
Iranian protestors.[16]
In the year 2023 several government ministries were fully hacked by multiple people including Ministry of Science research and technology on September 23.[17][18][19] Veterans affairs[20] Ministry of foreign affairs(50TB)[21] Central Insurance and 19 subsidiary corporations(119 million lines records)[22][23][24] City of Tehran municipality , State news bulletin[25] National Civil Registration vital records organization database(20TB)[26] Atomic Energy Organization[27] Presidency[28] Ridesharing company
Tapsi was hacked as well.
December 2023 seventy percent of entire national Iranian fuel pumps taken out, Predators Sparrow took responsibility[29]
January 2024 Snapp was hacked with records of 80 million Iranians along with payment info sold.[30]
In 2024 February
Islamic Consultative Assembly was hacked revealing massive payment to members.[31][32]
3000000 court penal cases of Iranian Judicial system hacked and put online.[34]
Anonymous reportedly extracted 14 GB of data out of Iranian university of Malekashtar server belonging to Ministry of defense.[35]
US military attacked two Iranian intelligence vessels at Red Sea[36]
May 2024 Iranian regime was getting hammered with huge scale cyberattacks causing internet issues [37]
June 2024 Islamic culture and guidance's ministry Haj.ir taken out , source code and database hacked by IRleaks team, it included pilgrim and civil travel records since 1980s[38]
The
Iranian government has been accused by Western analysts of its own cyber-attacks against the
United States,
Israel and
Persian Gulf Arab countries, but denied this, including specific allegations of 2012 involvement in hacking into American banks.[12] The conflict between
Iran and the United States has been called "history's first known cyber-war" by Michael Joseph Gross in mid-2013.[40]
Events
August 2014: An
IDF official told the press that Iran has launched numerous significant attacks against Israel's
Internet infrastructure.[41]
31 March 2015: There was
a massive power outage for 12 hours in 44 of 81 provinces of Turkey, holding 40 million people.
Istanbul and
Ankara were among the places suffering blackouts. According to Observer.com, Iranian hackers, possibly the
Iranian Cyber Army, were behind the power outage.[42]
June 2017: The Daily Telegraph reported that intelligence officials concluded that Iran was responsible for a cyberattack on the
British Parliament lasting 12 hours that compromised around 90 email accounts of
MPs. The motive for the attack is unknown but experts suggested that the Islamic Revolutionary Guard Corps could be using cyberwarfare to undermine the
Iran nuclear deal.[43]
March 2022: Large-scale cyberattacks were launched against multiple Israeli government websites, allegedly by Iran as retaliation for failed Mossad operations, though neither the attack attribution nor the purported Mossad operations could be confirmed as of March 2022. The National Cyber Directorate declared a state of emergency as a result of the attacks and unnamed defense sources told media outlets it was possibly the largest-ever cyberattack against Israel.[46][47]
November 2022: Iranian hackers attacked Albanian networks.[48][49]
November seventeen American networks system were turned into mining crypto because of existing undefended vulnerability.[50]
2023 Moneybird ransomware was used by Agrius against Israeli people.[51] Cyberattack on Israeli university was blamed on Iranian ministry of intelligence.[52] Attacks attributed to Iranians targeted Israeli ports and Haifa harbors.[53]
Disinformation en masse sponsored by state targeted Iranians in 2023.[54]
2023 IRGC Cybersecurity command attacked dissidents according to German state[55]
Sophos and Zimperium report Iranian citizens credentials hacked by Iranian hackers , with Firebase , C2 (C&C) iOS , Android malware apps called Bank Saderat , Central Bank and Bank Mellat [57]
December 14, 2023 ESET documented OilRig group which is state sponsored use C&C attacks [58]
September 2023 Attack took out water network in Ireland suburban Mayo.[59]
In February 2024,
OpenAI announced that it had shut down accounts used by the Crimson Sandstorm hacking group. The group had been using OpenAI services to research evasion techniques, write and refactor code, and create phishing campaign content.[60][61]
April 2024 Israel secrets published by Iranian website[62]
July 2024 MuddyWater increased the cyber attacks in the middle east[63]
Command and control
Iranian armed forces install malware apps for espionage on android phones.[64]
They could steal victims identity according to Microsoft.[65]
Suspended Iranian accounts
On May 5, 2020, Reuters reported, quoting a monthly Facebook report, that Iranian state-run media had targeted hundreds of fake social media accounts to covertly spread pro-Iranian messaging, online since at least 2011, for secretly broadcasting online promotional messages in favor of Iran in order targeting voters in countries including Britain and the United States.[66] Accounts were suspended for
coordinated inauthentic behavior, which removed eight networks in recent weeks, including one with links to the Islamic Republic of Iran Broadcasting.[66]
Since November 2010, an organization called "The Cyber Defense Command" (
Persian: قرارگاه دفاع سایبری; Gharargah-e Defa-e Saiberi) has been operating in Iran under the supervision of the country's "
Passive Civil Defense Organization" (
Persian: سازمان پدافند غیرعامل; Sazeman-e Padafand-e Gheyr-e Amel) which is itself a subdivision of the
Joint Staff of Iranian Armed Forces.[3]
According to a 2014 report by
Institute for National Security Studies, Iran is "one of the most active players in the international cyber arena".[4] In 2013, a
Revolutionary Guards general stated that Iran has "the 4th biggest cyber power among the world's cyber armies."[5][6]
According to a 2021 report by a cyber-security company, "Iran is running two surveillance operations in cyber-space, targeting more than 1,000 dissidents".[7]
NIN
Iranian cyber defense system - digital fortress part of
national information network (national internet) - is developed for thwarting attacks and engaging attackers.[8] In November 2022, the Iranian Majlis Islamic Consultative Assembly recommended a Passive Defence Incorporation.[9]
Attacks against Iran
In June 2010, Iran was the victim of a
cyber-attack when its
nuclear facility in Natanz was infiltrated by the cyber-worm '
Stuxnet'.[10] Reportedly a combined effort by the United States and Israel,[11] Stuxnet destroyed perhaps over 1,000 nuclear centrifuges and, according to a Business Insider article, "[set] Tehran's atomic programme back by at least two years."[12] The worm spread beyond the plant to allegedly infect over 60,000 computers, but the government of Iran indicates it caused no significant damage. Iran crowdsourced solutions to the worm and is purportedly now better positioned in terms of cyber warfare technology.[10] No government has claimed responsibility for the worm.[12] The cyber-worm was also used against
North Korea.[citation needed]
Events
In October 2013, media reported Mojtaba Ahmadi, who served as commander of the "Cyber War Headquarters" was found dead wounded by bullets in
Karaj.[13]
October 2021:
An attack paralyzed gas stations across the country, preventing users from purchasing fuel using state-issued cards and digital billboards displaying antigovernment messages
In September, October and November 2022, Iranian state networks and emails came under attack by
Anonymous and other hacking groups acting in solidarity with
Iranian protestors.[16]
In the year 2023 several government ministries were fully hacked by multiple people including Ministry of Science research and technology on September 23.[17][18][19] Veterans affairs[20] Ministry of foreign affairs(50TB)[21] Central Insurance and 19 subsidiary corporations(119 million lines records)[22][23][24] City of Tehran municipality , State news bulletin[25] National Civil Registration vital records organization database(20TB)[26] Atomic Energy Organization[27] Presidency[28] Ridesharing company
Tapsi was hacked as well.
December 2023 seventy percent of entire national Iranian fuel pumps taken out, Predators Sparrow took responsibility[29]
January 2024 Snapp was hacked with records of 80 million Iranians along with payment info sold.[30]
In 2024 February
Islamic Consultative Assembly was hacked revealing massive payment to members.[31][32]
3000000 court penal cases of Iranian Judicial system hacked and put online.[34]
Anonymous reportedly extracted 14 GB of data out of Iranian university of Malekashtar server belonging to Ministry of defense.[35]
US military attacked two Iranian intelligence vessels at Red Sea[36]
May 2024 Iranian regime was getting hammered with huge scale cyberattacks causing internet issues [37]
June 2024 Islamic culture and guidance's ministry Haj.ir taken out , source code and database hacked by IRleaks team, it included pilgrim and civil travel records since 1980s[38]
The
Iranian government has been accused by Western analysts of its own cyber-attacks against the
United States,
Israel and
Persian Gulf Arab countries, but denied this, including specific allegations of 2012 involvement in hacking into American banks.[12] The conflict between
Iran and the United States has been called "history's first known cyber-war" by Michael Joseph Gross in mid-2013.[40]
Events
August 2014: An
IDF official told the press that Iran has launched numerous significant attacks against Israel's
Internet infrastructure.[41]
31 March 2015: There was
a massive power outage for 12 hours in 44 of 81 provinces of Turkey, holding 40 million people.
Istanbul and
Ankara were among the places suffering blackouts. According to Observer.com, Iranian hackers, possibly the
Iranian Cyber Army, were behind the power outage.[42]
June 2017: The Daily Telegraph reported that intelligence officials concluded that Iran was responsible for a cyberattack on the
British Parliament lasting 12 hours that compromised around 90 email accounts of
MPs. The motive for the attack is unknown but experts suggested that the Islamic Revolutionary Guard Corps could be using cyberwarfare to undermine the
Iran nuclear deal.[43]
March 2022: Large-scale cyberattacks were launched against multiple Israeli government websites, allegedly by Iran as retaliation for failed Mossad operations, though neither the attack attribution nor the purported Mossad operations could be confirmed as of March 2022. The National Cyber Directorate declared a state of emergency as a result of the attacks and unnamed defense sources told media outlets it was possibly the largest-ever cyberattack against Israel.[46][47]
November 2022: Iranian hackers attacked Albanian networks.[48][49]
November seventeen American networks system were turned into mining crypto because of existing undefended vulnerability.[50]
2023 Moneybird ransomware was used by Agrius against Israeli people.[51] Cyberattack on Israeli university was blamed on Iranian ministry of intelligence.[52] Attacks attributed to Iranians targeted Israeli ports and Haifa harbors.[53]
Disinformation en masse sponsored by state targeted Iranians in 2023.[54]
2023 IRGC Cybersecurity command attacked dissidents according to German state[55]
Sophos and Zimperium report Iranian citizens credentials hacked by Iranian hackers , with Firebase , C2 (C&C) iOS , Android malware apps called Bank Saderat , Central Bank and Bank Mellat [57]
December 14, 2023 ESET documented OilRig group which is state sponsored use C&C attacks [58]
September 2023 Attack took out water network in Ireland suburban Mayo.[59]
In February 2024,
OpenAI announced that it had shut down accounts used by the Crimson Sandstorm hacking group. The group had been using OpenAI services to research evasion techniques, write and refactor code, and create phishing campaign content.[60][61]
April 2024 Israel secrets published by Iranian website[62]
July 2024 MuddyWater increased the cyber attacks in the middle east[63]
Command and control
Iranian armed forces install malware apps for espionage on android phones.[64]
They could steal victims identity according to Microsoft.[65]
Suspended Iranian accounts
On May 5, 2020, Reuters reported, quoting a monthly Facebook report, that Iranian state-run media had targeted hundreds of fake social media accounts to covertly spread pro-Iranian messaging, online since at least 2011, for secretly broadcasting online promotional messages in favor of Iran in order targeting voters in countries including Britain and the United States.[66] Accounts were suspended for
coordinated inauthentic behavior, which removed eight networks in recent weeks, including one with links to the Islamic Republic of Iran Broadcasting.[66]