Donald Trump called off a military strike on undisclosed Iranian assets this week after reports Iran’s Revolutionary Guard shot down an RQ-4A Global Hawk surveillance drone, the incident itself following accusations of Iranian responsibility for attacks on oil tankers in the Gulf of Oman. But U.S. Cyber Command launched a retaliatory cyber attack on “an Iranian spy group that supported last week’s limpet mine attacks on commercial ships,” Yahoo News reported on Friday.
The Yahoo News report was light on details and sourced from “two former intelligence officials,” but it did state that the targeted organization has “ties” to the Revolutionary Guards and has some role tracking the flow of shipping through the Strait of Hormuz (which links the Persian Gulf to the Gulf of Oman and thus the Indian Ocean):
The group, which has ties to the Iranian Revolutionary Guard Corps, has over the past several years digitally tracked and targeted military and civilian ships passing through the economically important Strait of Hormuz, through which pass 17.4 million barrels of oil per day. Those capabilities, which have advanced over time, enabled attacks on vessels in the region for several years.
Though sources declined to provide any further details of the retaliatory cyber operation, the response highlights how the Persian Gulf has become a staging ground for escalating digital — as well as conventional — conflict, with both the United States and Iran trying to get the upper hand with cyber capabilities.
According to Bloomberg, abundant skepticism that the Trump administration was telling the truth about Iranian involvement in the tanker attacks has waned somewhat. However, it is clear that if Iranian assets did carry out the attacks, it is much more likely they intended to send a signal about their ability to disrupt shipping in the region than start a war.
Analysts at stateside security firms FireEye, CrowdStrike Inc., and Dragos Inc. told the Wall Street Journal on Friday that “they had observed suspected Iranian state-sponsored hacking attempts—particularly through spear-phishing attempts” on U.S. government and private industry targets over the course of the past week, though none of the suspected attacks were successful. CrowdStrike said firms in the oil and gas industry were targeted, including with messages that purported to be from the Executive Office of the President. The Associated Press confirmed those reports on Saturday, though it also noted it was unclear if any of the attacks was successful and that if the attackers did gain access to any of the systems they may not immediately exploit it.
As Yahoo News noted, the U.S. has launched cyber attacks on Iranian infrastructure before, including use of the infamous Stuxnet computer worm to attack and destroy centrifuges at Iran’s Natanz nuclear enrichment facility from 2009 to 2010. In response, former U.S. Cyber Command senior legal counsel and current National Defense University cyber law professor Gary Brown told Yahoo News, “Iran really cranked up its capability” for retaliation. It has also sharpened its capability to pursue routine intelligence gathering online, such as “‘honey-potting’ or catfishing operations” targeting U.S. naval personnel on social media in order to gain information on ship movements, as well as “hacking into ship-tracking websites as well, according to one former intelligence officer.”
However, Iran had reportedly largely reined in its use of state-sponsored hacking groups to attack U.S. assets after former President Barack Obama’s administration struck a deal in 2015 to cap the nation’s nuclear industry to levels unsuitable for weapons production in exchange for lessening of international sanctions on its economy. Trump very publicly abandoned that deal last year, claiming it was “defective at its core” and “nuclear blackmail,” in a move that attracted huge amounts of criticism from world leaders and nuclear arms experts. The International Atomic Energy Agency had repeatedly confirmed Iran was complying with the terms of the agreement, and Iranian officials only recently said Iran may begin breaching its terms after tensions with the U.S. ratcheted up.