
Iran Thwarts Second Cyber Attack In Under A Week

Iran’s telecommunications minister said the country has averted a crisis after a second cyber attack was launched against government installations within the same week. Mohammad Javad Azari-Jahromi would not give further details, saying only that the last attack was “massive,” while noting that a second attack had been successfully foiled.

Iran: Cyber-Target Number One

He said that the hackers’ origins had been traced, although he also declined to give further details. There are constant online attacks against Iran that wax and wane in regularity and intensity. Although all governments are actively engaged in cyber security measures, as well as quietly fishing in the ether for whatever they can find, Iran often stands out as the target of repeated, concerted attempts to down national infrastructure.

While US officials have previously confessed to Reuters journalists that the country has staged attacks against Tehran, in the latest incidents Iran isn’t necessarily pointing fingers at the US. Such is the convoluted, false flag-peppered realm of cyber attacks against national infrastructure.

Iran’s Attack On Saudi Oil Facilities

The minister did call the latest attacks “highly organized and state-sponsored,” and commentators on the ground in the Middle East point to a variety of possibilities. Saying that he couldn’t “say the attack was carried out by which country right now,” Azari-Jahromi didn’t elaborate on what appears to be a regular, frequent cyber tit-for-tat between Iran and other nations.

Some months ago, Iran was suspected of being behind an explosive attack on the Saudi Arabian Abqaiq oil-processing plant, as well as the Khurais oilfield. The attack employed unmanned drones and cruise missiles, destroying parts of the refinery and disrupting production in the oilfield. Nonetheless, the United Nations’ (UN) secretary general Antonio Guterres said then that the body could not “At this time… independently corroborate that the cruise missiles and unmanned aerial vehicles used in these attacks are of Iranian origin.” American officials acknowledged that a cyber attack was launched against Iran in response.

Who’s Behind The Recent Cyber Attack On Iran?

Various hypotheses have emerged after the recent cyber attack on Iran. Some Iran watchers speculate that it’s more payback for the Saudi strike, if indeed Tehran was behind it, while others note that any third party wanting to stoke the flames between the two petro giants for its own purposes would have lots of political debris to hide behind. Both Iran and Saudi Arabia are oil economies, and rely heavily on exports of crude to maintain a healthy fiscal balance sheet.

While perhaps not the origin of the latest attacks on Tehran, the US certainly set the precedent years ago. With Iran long determined to develop nuclear weapons, the 2010 Stuxnet attack was allegedly the result of collaboration between US and Israeli agents, seeking to cripple development at Iranian nuclear facilities. Stuxnet, a worm, caused hardware failure by sending false readings to workers monitoring Iranian systems running Siemens Step 7 industrial software. At the same time, the worm initiated a series of fraudulent instructions that condemned a plant to mechanical burnout and failure.

Spurred by Tehran’s nuclear weapons programme, it’s an open secret that US agents have often attempted to remotely foil Iranian development. With Iran as often cryptic in response, the masking behavior that surrounds cyber attacks makes clear understanding difficult. The US also blames Iran for a host of misinformation regularly distributed via dozens of recently discovered websites that are targeting various countries, while the Iranian theocracy frequently blames the US for sneaky attempts at data hacking or system shutdown. In the latest incident, Tehran has yet to publicize its conclusions about the origins of the attack.

Russian False-Flag?

Around the same time as US agents were confessing to Reuters about their online activities against the Middle Eastern nation, both US and UK spies claimed that a supposedly Iranian cyber attack was in fact a collection of Russian hackers dropping false flags that pointed to Tehran. In this incident, rather than payback for Stuxnet, it seemed that the Russians had appropriated original tools from Iran and were staging cyber attacks for their own purposes, piggy-backing on an Iranian identity. With myriad such situations possible, Tehran is not telling who it “identified” as being behind the latest attacks. Azari-Jahromi did, however, say that the last attempts against Iran were “aimed at spying on government intelligence.”

A High-Stakes Game Of Electronic Deception

Detailed cloaking from all players defines this landscape and although, for example, the US sometimes admits to concerted attempts to hack Iran’s military installations – notably after Iran downed a US surveillance drone earlier this year – on other occasions agents deny culpability, or Tehran denies the extent or effect of hacking attempts. Long co-opted into government service, private concerns in many countries are often used to further blur the line between their behavior and government-sanctioned espionage or attack.

Not merely a target in the online wars, Iran has cyber sleuthing capabilities of its own. The US Department of Homeland Security suffered an Iranian hack in June this year. The intrusion alarmed officials, as it wiped out large sections of the department’s IT capabilities. The attack seemed to be a statement of Iran’s abilities in the tech warfare between the two nations. According to US commentators, an Iranian penchant for wiping hard drives in the wake of an attack is something new in the sphere of remotely disabling an opponent’s infrastructure.

American-Iranian Tensions At All-Time Highs

Tensions between Tehran and the US have risen after President Trump withdrew America from a 2015 nuclear deal with Iran, opting instead for a policy of “maximum pressure” on the Islamic Republic. While it is often true that cyber attacks between the two countries are simply direct, manifest hostilities, the potential for China, Russia or any other third party to trade on that likelihood enables a confusing litany of online warfare.

The further potential for such attacks to be driven by various governments’ political motives, or economic ones that favor more private interests, merely makes the facts harder to find. Currently engaged in a vicious proxy war with Iran in Yemen, Saudi Arabia is a constant threat to Tehran in cyberspace. Israel and the US are also usual suspects in any cyber attack against Iran, and Israel has the ability to act as proxy for either the Americans or the Saudis in carrying out attacks that cripple Iranian infrastructure.

Azari-Jahromi has also denied that a recent attack targeting Iran’s major banks successfully hacked millions of private accounts, in spite of local media claims to this effect. Iran needs to be seen to be a tech-savvy and formidable opponent, both to the US as well as among its more local allies. To this end, the nature or extent of attacks is ambiguously reported by Tehran in order not to reveal weaknesses and vulnerabilities.

Ever conscious of its image in the region, when fuel prices jumped 50 percent in November 2019, prompting Iranians to start violent protests, officials downed the internet in the country to quell coverage of events.