Profile picture
, 13 tweets, 4 min read
My Authors
Read all threads
Some coalescing thoughts on Iran's cyber capability. The first is that while cyberattack (disruption/destruction) is on the table, the most consequential capability may be cyber espionage. There will be cyber espionage against gov/mil targets as well as personnel of interest. 1/x
Iran, like others, has recently focused on moving upstream by compromising telecoms and travel. That way they can identify and track specific people. These operations put people in physical danger, especially in terrorism scenarios. 2/x fireeye.com/blog/threat-re…
Some of this activity has been enabled by DNS shenanigans, which was a leap forward for their operations. This report discusses those operations as well as some we attribute to SeaTurtle, another actor. 3/x fireeye.com/blog/threat-re…
Of course these actors will also be conducting cyber espionage on government and military targets now. We saw a spike in activity during tensions last summer that NSA publicly indicated was probably designed to understand policy maker thinking. 4/x cyberscoop.com/nsa-iran-cyber…
Another facet of the Iranian cyberthreat is the cyberattack (disruptive/destructive) capability posed by Iran. Will they cripple our society? I highly doubt it. Could they score some major blows against individual companies and maybe even the US sense of security? Absolutely. 5/x
This is one area where they enjoy a real asymmetric advantage. The US' vastly technically superior intelligence/military capability won't be absorbing cyberattacks from Iran. It will be our incredibly complex, technology-reliant economy. Even if only individual participants. 6/x
There's plenty of history of Iranian attacks in the US. Financial sector and other businesses were hit with disruptive and destructive attacks. I was also very concerned with a massive critical infrastructure probing effort called Operation Cleaver. 7/x cylance.com/content/dam/cy…
Iran seemed to refocus these efforts in-region after JCPOA, carrying out spate after spate of destructive attacks. Zerocleare is a tool they have recently leveraged in this manner. 8/x securityintelligence.com/posts/new-dest…
For my money, the most disconcerting development in Iranian cyber attack capability has been targeting of the ICS supply chain. Russia and North Korea proved you want to drop on systems simultaneously for maximum destructive effect. 9/x wired.com/story/iran-apt…
It's important to remember that you usually can't just carry out these attacks overnight. It takes time to dig in. For years, we've seen an effort to dig in to critical infrastructure in the Middle East. Those options may be on already on the shelf and held in reserve. 10/x
It will be interesting to see if there's an effort to probe US domestic critical infrastructure in light of events. That may serve as a warning. As things were getting rather tense with North Korea, we found an early effort to probe US infrastructure.11/x fireeye.com/blog/threat-re…
One way to wrap your head around this problem is to consider the ransomware incidents we've seen of late. Ransomware with no hope of ransom is just destructive malware. Our recent experiences, especially with respect to municipal and transit targets, should be a guide. 12/x
Last, but no least, we are already seeing Iran ramp up disinformation related to this situation. Iran has a maturing, increasingly complex disinformation capability that we first identified.13/x fireeye.com/blog/threat-re…
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with John Hultquist

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @JohnHultquist see all

Profile picture
John Hultquist
@JohnHultquist
ODNI's Worldwide Threat Assessment starts with cyber, singling out China and Russia as posing the greatest espionage and attack threat. Notes the integration of espionage, attack, and influence operations. #WorldwideThreat 1/x
Report indicates Chinese espionage (to include key technology targeting) may need authorization from Beijing when alternatives are exhausted, suggesting restraint. Also noted is China's danger to critical infrastructure (a result of combining 3PLA/4PLA missions in the SSF?) 2/x
Russia is called out for influence and attack threat. Affirms that targeting of US critical infrastructure is long-term planning for damage that is localized and temporary. 3/x
Read 11 tweets
Profile picture
John Hultquist
@JohnHultquist
"Imagine a future “first strike” cyberattack in which a nation burrowed its way deeply into the industrial and commercial networks of another state and deployed ransomware across its entire private sector." -GRU persona in early '16 after their Ukraine blackout succeeded. 1/x
h/t to @emptywheel who points out that line was actually lifted from a Forbes article. 2/x

forbes.com/sites/kalevlee…
The article oddly foreshadowed a new approach by GRU. By the end of 2016, they were reattacking Ukraine's grid with more advanced malware, but they were also kicking off their first fake ransomware operations against other sectors. These operations were scalable and deniable. 3/x
Read 5 tweets

Related threads

Profile picture
Sibel Edmonds
@sibeledmonds
Here’s What I reported on Operation Target #Iran in March 2019, Planned & On Pause Until After #Syria. The Domino Pieces for What We See Now Was Planned & Set Up In Adv.
Also this on #Iran on Dec 1 this year- What most People Don’t Understand: In #DeepState Geopolitical Moves & Wars All Domino Pieces Are Planned, Created & Put In Place Long In Adv. Sudden & Unexpected Events Are Not Sudden-Unexpected.
Anyhow.I’l report further for my #Newsbud community friends soon. I rather work with, and for, those who value & understand the importance of Geopolitical Pretexts & Contexts, thus, sound analyses by experts, than gossip-oriented, short-term & short-sighted UTube/SocMedia masses
Read 7 tweets
Profile picture
Xy5Z89🇩🇪
@Xy5Z89
#Iran

So if it comes to a invasion of #Iran there are several things to see and know. The #Geography is on the side of Iran. The #West is protected by a massiv #Chain of #mountains wich would be easy to #defend even with a weaker #army they could try to keep there a defend line
The north is not able to reach for the #US troops and the #caspiansee is #landlocked by many #nations. A inportant @NATO allie if the defens act works would be #Turkey wich would be forced to send troops against #Iran and a area mainly owned by #Kurds in #Iran.
the east has a little lower mountain chain and a bigger desert in the south west the #Dasht-e #Lut and is coverd by huge #rocks and the area of #Namak-#Zar inside Dasht-e Lut is the #hotest place on #earth actual. And the border area to #Pakistan is also coverd by a dry #desert
Read 11 tweets
Profile picture
Borna Khiabani
@Borna___
Thread:

UPDATE #Iran⚠️

- The regime is preparing for another Internet shutdown

#IranProtests #Internet4Iran
• 1,500 protesters killed
• 12,000 protesters detained
Many users from different cities have reported that their internet connections are having problem since this morning. This is happening due to the protest against the regime which will be happen tomorrow in #Iran
According to internet observer, Netblocks, there is evidence of disruption in access to mobile telephone networks in some areas of #Iran, and network data shows two specific reductions to internet data on Wednesday morning. #Internet4Iran
Read 27 tweets
Profile picture
mostafa.m
@MostafaMe4
#Iran
Girl children sifting through garbage to make ends meet
15,000 scavengers in the capital, 5,000 of whom are children. 40% of them are 10 to 15 years old
#Poverty #Children
women.ncr-iran.org/2019/10/21/gir…
The conditions of #children searching in the trash in #Iran under the mullahs’ regime is one of the most heartbreaking social issues
english.mojahedin.org/i/iran-trash-c…
#Iran under the mullahs' regime A mother & her three children in search of food...
#40YearsOfFailure

Read 4 tweets
Profile picture
𝓡𝓸𝓷𝓭𝓪 °•
@40_Ronda
Why aren't Americans taking about the foreign influence in the US government that continues to send our men and woman to fight immoral wars?

#Trump when he campaigned for president, before he decided to let Adelson fund his campain!

Adelson was one of the biggest donors to Trumps presidential campain. Adelsons company saved 670 million dollars from the massive republican tax break. Adelson did not support the Iran deal & wanted the US embassy moved to Jerusalem.

Adelson has a direct line to #potus!

Adelson has private in-person meetings & phone conversations about once a month with #Trump!

Adelson used his access to move the embassy in Israel to Jerusalem and cut aid to Palestinians.

nytimes.com/2018/09/22/us/…

nytimes.com/2018/09/22/us/…
Read 241 tweets
Profile picture
Elijah J. Magnier
@ejmalrai
1/ +
#Iran and the war on oil Tankers:
US sanctions are severe and hurting the Iranian population dearly. Iran is not allowed to export its 2 million barrel of oil/day and can smuggle only a few hundred thousand.
This situation suits Trump who is waiting to see Iran falling
2/+
Iran can't wait. It has reliable allies in Lebanon, Syria, Iraq, Afghanistan & Yemen who expressed their readiness to hit US & allies in the region regardless of the consequences.
It has a military capability to hurt the US bases & US allies in the ME & increase oil price.
3/+
Iran has the capability to hit Tankers on movement or static in harbours and close all harbours in the ME.

The US and allies can seriously hurt Iran but the US can't threaten a dying man of war.

Iran has nothing to lose anymore.

Read more in my forthcoming article.
Read 6 tweets

Trending hashtags

#Warlords #Clowns #crowdsourcing #global #Newsbud #NPT #Trump #EXPOSED #MiddleEast #Swedish #UK #Rouhani #Strzok #Iraq #Findley #Clinton #Veteran #Venezuela #EU #UAE #IRGC #40YearsOfFailure #American #IStandWithMaryamRajavi #UnitedStates
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!