On 3 January 2020 the news broke that President Trump had ordered an airstrike that resulted in the deaths of General Qassem Soleimani and six other Iranian officials. A US drone strike reportedly struck two cars leaving Baghdad Airport. The attack happened just days after a US contractor had been killed in an assault on US coalition forces in Iraq, and after attacks on the US Embassy in Baghdad, blamed on Iran.
Qassem Soleimani, Iran’s most powerful military leader, was the commander of the Revolutionary Guards’ Quds force, responsible for Iranian military operations in the Middle East. He was also regarded as a leading political figure in the country, second in line only to Ali Khamenei, Iran’s supreme leader.
Khamenei has promised a “harsh” response to the killings, and Mohammad Javad Zarif, the Iranian Foreign Minister, quickly released the following statement on Twitter:
“The US’ act of international terrorism, targeting & assassinating General Soleimani—THE most effective force fighting Daesh (ISIS), Al Nusrah, Al Qaeda et al—is extremely dangerous & a foolish escalation. The US bears responsibility for all consequences of its rogue adventurism.”
Somewhat unusually, President Trump did not immediately comment on the attacks, simply tweeting an image of the American flag. However, the Pentagon issued a press release. This began: “At the direction of the President, the U.S. military has taken decisive defensive action to protect U.S. personnel abroad by killing Qasem Soleimani, the head of the Islamic Revolutionary Guard Corps-Quds Force, a U.S.-designated Foreign Terrorist Organization.”
With the US blaming Soleimani for the deaths of hundreds of Americans, Trump later read out a statement, claiming he had ordered the strike to prevent further clashes in the region and threats to American lives. He said: “We took action last night to stop a war. We did not take action to start a war.”
As the weekend went on, media footage showed thousands of Iranians out on the streets protesting against the killings, while politicians in the parliament chanted ‘Death to America’.
President Trump then warned that the US had targeted 52 Iranian cultural sites and would strike “very fast and very hard” if Tehran attacked Americans or US assets. He tweeted that the sites represented the 52 Americans taken hostage in Iran in 1979.
This was met by a response from Zarif, who wrote:
“Having committed grave breaches of int’l law in Friday’s cowardly assassinations, threatens to commit again new breaches of JUS COGENS; -Targeting cultural sites is a WAR CRIME; -Whether kicking or screaming, end of US malign presence in West Asia has begun.”
Here in the UK, Foreign Secretary Dominic Raab urged restraint on both sides. He commented: “The US has a right to exercise self-defence and we’re sympathetic to the situation they found themselves in but we want de-escalation now. We need to avoid a war and de-escalate and stabilise the situation,” adding that two Royal Navy ships were being deployed to the Strait of Hormuz to protect British-flagged ships passing through the shipping channel.
France, Germany and the UK have agreed to work together on de-escalation of hostilities in the region.
Some of the most vocal support for the US has come from Israel. Prime Minister Benjamin Netanyahu said: “Just as Israel has the right of self-defense, the United States has exactly the same right. Qassem Soleimani is responsible for the death of American citizens and many other innocent people. He was planning more such attacks. President Trump deserves all the credit for acting swiftly, forcefully and decisively.”
On the other side, and in an effort to prevent another proxy war being fought on their land, Iraqi MPs have responded to what they denounced as a violation of their country’s sovereignty by calling for all foreign troops – including 5,000 US military personnel – to leave the territory. Late on Sunday, Trump reacted to this by threatening Baghdad with sanctions.
Russia, a hugely important presence in the Middle East, has condemned the killings. Foreign Minister Sergei Lavrov emphasised that “targeted actions by a UN member state to eliminate officials of another UN member state, and on the territory of a third sovereign country without its knowledge grossly violate the principles of international law and deserve condemnation”, and warned of “grave consequences for the regional peace and stability” and “a new round of escalation”.
Interestingly, Iran, China and Russia conducted joint naval exercises last week, and Chinese Foreign Minister Wang Yi also met with Zarif. Wang stated: “The dangerous US military operation violates the basic norms of international relations and will aggravate regional tensions and turbulence.” China is a major purchaser of Iranian oil, and is increasingly important to the country’s economy due to the sanctions imposed by Trump in 2018.
Much media debate has focused on the possibility of all-out conventional warfare between the US and Iran. Indeed, even while Trump was claiming to have ordered the killing of Soleimani to prevent further conflict, it was reported that more than 3,000 US troops were being deployed to the Middle East, suggesting a readiness for ground battles and the prospect of thousands of casualties.
However, it would be a mistake to ignore the possibility that Iran’s threatened retaliation could take the form of cyber-attacks.
In our most recent blog, published in December, we highlighted the possible expansion of cyber-warfare between the US and Iran, noting how tensions between the two countries had been increasing again since June 2019, when Washington blamed Tehran for a physical attack on oil tankers in the Gulf of Oman. Just days later it was reported that Trump had authorised the use of cyber-attacks by US agencies. One such attack, which took place on 20 June, led to Iran losing access to one of its computer databases that had apparently been used in the planning of the shipping attacks.
Trump had originally upped the ante with his decision in 2018 to withdraw the US from the Iran nuclear deal – the Joint Comprehensive Plan of Action (JCPOA) – resulting in new economic sanctions being levied. This was a harsh blow for the Iranians, with shipping and shipbuilding industries all affected, along with the oil and petroleum market. In response, Tehran began to revive its uranium enrichment programme, and this weekend, following the death of Soleimani, the government announced that it would distance itself further from the JCPOA: in other words, it will continue with the work.
The likelihood of damaging cyber-attacks being launched by Iran has certainly increased and must be taken seriously.
Hacktivists have already been busy with low-level attacks. For example, a hacker calling himself Mrb3hz4d claimed to have defaced a range of US city websites in retaliation for the air strike. The defaced sites all displayed a picture of Soleimani alongside two quotes that stated: “Hacked By IRANIAN HACKER” and “Down with America.”
An unknown group of hackers took responsibility for hacking and defacing the US Federal Depository Library Program domain, with the webpage depicting a quote that stated: “This is message from Islamic Republic of Iran. We will not stop supporting our friends in the region: the oppressed people of Palestine, the oppressed people of Yemen, the people and the Syrian government, the people and government of Iraq, the oppressed people of Bahrain, the true mujahideen resistance in Lebanon and Palestine, [they] always will be supported by us.”
Hacker ShieldIran, meanwhile, appeared to have launched a purely opportunistic attack when he targeted the Sierra Leone Commercial Bank domain, with the webpage showing the same messages as those above.
These types of actions represent little more than minor annoyances. Yet they do demonstrate that there are easy points of access for even inexperienced or unskilled hackers.
What poses a far greater threat is the possibility of serious attacks carried out by Iranian state-sponsored groups and targeting critical infrastructure systems, both within the immediate region and globally.
A recent report published by the US Defense and Intelligence Agency noted that Iran lacks the cyber capabilities seen in other ‘enemy’ nation states such as China, Russia or North Korea. However, after the Stuxnet attack against Iran’s nuclear facilities in 2010, widely believed to have been carried out by the USA and Israel, efforts have been made in Tehran to enhance the country’s capacity in this field, and even in 2012 a successful malware attack launched by Iran on Saudi Aramco and Qatari RasGas resulted in a great deal of damage to networks. Researchers warned that Iran now “uses cyberspace operations as a tool of statecraft and internal security, and it continues to improve its capabilities,” viewing these operations as “a safe, low-cost method to collect information and retaliate against perceived attacks”.
However, other analysts believe that Iran is unlikely to initiate a major cyber-war – at least not yet. Check Point’s Oded Vanunu said: “Iran won’t start a major cyber campaign – they fear that if they escalate they will get hit worse.”
Cyjax CISO Ian Thornton-Trump thinks Tehran will “stop short of any major critical infrastructure attack against a western nation for fear of potential disproportional kinetic reprisal”.
We have detailed the activities of some of the more well-known Iranian groups in previous blog articles over the last year.
Kevin McMahon, the Cyjax CEO, maintains that Tehran could launch highly damaging cyber-attacks. He commented: “Iran will be looking to make a show of strength: their cyber capabilities are vast, and it’s highly likely we will see a big increase in attacks against western businesses both in the region and globally. However, their immediate neighbours will bear the brunt of their retaliations.”
With this latest very worrying escalation in the conflict between the US and Iran, all organisations operating in the Middle East, particularly those involved in the energy sector, are advised to be on the highest possible alert for cyber-attacks, and to ensure that all systems are up to date.