Some coalescing thoughts on Iran's cyber capability. The first is that while cyberattack (disruption/destruction) is on the table, the most consequential capability may be cyber espionage. There will be cyber espionage against gov/mil targets as well as personnel of interest. 1/x
Iran, like others, has recently focused on moving upstream by compromising telecoms and travel. That way they can identify and track specific people. These operations put people in physical danger, especially in terrorism scenarios. 2/x fireeye.com/blog/threat-re…
Some of this activity has been enabled by DNS shenanigans, which was a leap forward for their operations. This report discusses those operations as well as some we attribute to SeaTurtle, another actor. 3/x fireeye.com/blog/threat-re…
Of course these actors will also be conducting cyber espionage on government and military targets now. We saw a spike in activity during tensions last summer that NSA publicly indicated was probably designed to understand policy maker thinking. 4/x cyberscoop.com/nsa-iran-cyber…
Another facet of the Iranian cyberthreat is the cyberattack (disruptive/destructive) capability posed by Iran. Will they cripple our society? I highly doubt it. Could they score some major blows against individual companies and maybe even the US sense of security? Absolutely. 5/x
This is one area where they enjoy a real asymmetric advantage. The US' vastly technically superior intelligence/military capability won't be absorbing cyberattacks from Iran. It will be our incredibly complex, technology-reliant economy. Even if only individual participants. 6/x
There's plenty of history of Iranian attacks in the US. Financial sector and other businesses were hit with disruptive and destructive attacks. I was also very concerned with a massive critical infrastructure probing effort called Operation Cleaver. 7/x cylance.com/content/dam/cy…
Iran seemed to refocus these efforts in-region after JCPOA, carrying out spate after spate of destructive attacks. ZeroCleare is a tool they have recently leveraged in this manner. 8/x securityintelligence.com/posts/new-dest…
For my money, the most disconcerting development in Iranian cyber attack capability has been targeting of the ICS supply chain. Russia and North Korea proved you want to drop on systems simultaneously for maximum destructive effect. 9/x wired.com/story/iran-apt…
It's important to remember that you usually can't just carry out these attacks overnight. It takes time to dig in. For years, we've seen an effort to dig in to critical infrastructure in the Middle East. Those options may already be on the shelf and held in reserve. 10/x
It will be interesting to see if there's an effort to probe US domestic critical infrastructure in light of events. That may serve as a warning. As things were getting rather tense with North Korea, we found an early effort to probe US infrastructure. 11/x fireeye.com/blog/threat-re…
One way to wrap your head around this problem is to consider the ransomware incidents we've seen of late. Ransomware with no hope of ransom is just destructive malware. Our recent experiences, especially with respect to municipal and transit targets, should be a guide. 12/x
Last, but not least, we are already seeing Iran ramp up disinformation related to this situation. Iran has a maturing, increasingly complex disinformation capability that we first identified. 13/x fireeye.com/blog/threat-re…
Keep Current with John Hultquist
