Military strikes starting in late December in Baghdad have led to protests in Iraq, and escalated tensions between Iran and the US. They've also led cybersecurity experts to warn Iran could choose a cyberattack to retaliate against the US.
The situation intensified when the US bombed several sites in response to a rocket attack that killed an American civilian contractor at an Iraqi military base. The US strikes killed 25 members of a militia and prompted a storming of the US embassy compound in Baghdad. The tension increased on Thursday, when a US airstrike on Baghdad's main airport killed Iranian Gen. Qassem Soleimani. Iran's government has vowed to strike back.
What Iran's next move will look like is anyone's guess. Experts on the region have cautioned cyberattacks are one potential option, pointing to previous online efforts by Iran. Government hackers have hit a wide range of targets, including a small municipal dam and Las Vegas Sands Corp., run by conservative mogul Sheldon Adelson, according to the US government. Cyberattacks typically are military-led operations designed to cause damage to infrastructure, finances and morale.
People in charge of cybersecurity of essential systems, such as the electrical grid, financial networks, and internet and phone infrastructure, should already be prepared for serious cyberattacks, says Rosa Smothers, a former CIA technical intelligence officer who now works for cybersecurity training firm KnowBe4. "Critical infrastructure must remain vigilant," Smothers said.
On Saturday, vandals hacked into a website run by the US Government Publishing Office and posted an image in support of Iran. The US Critical Infrastructure and Security Agency, known as CISA, said hackers were able to take advantage of a misconfiguration of the site's content management system to deface the site. CISA added that it hadn't identified the hackers as working for the Iranian government.
"We are aware the Federal Depository Library Program (FDLP) website was defaced with pro-Iranian, anti-US messaging," a CISA spokesperson said. "At this time, there is no confirmation that this was the action of Iranian state-sponsored actors."
The CISA spokesperson also encouraged organizations to "increase monitoring, back up your systems, implement multi-factor authentication, and have an incident response plan at the ready."
Here are some of the cyberattacks attributed to Iran.
Banks and a dam
Seven Iranian hackers targeted the US financial system and a municipal dam in a campaign that lasted from 2011 to 2013, according to a 2016 indictment from the US Department of Justice.
The attacks on US banks left commercial banking websites unavailable for customers. A hacker also gained access to a flood control system at a dam in Rye Brook, New York. The dam was offline at the time of the intrusion, so the attacker didn't gain control over the mechanism.
US officials suspected as early as 2012 that Iranian hackers were behind the attacks, saying they were likely in retaliation for financial sanctions imposed by the US and other countries against Iran, according to The Washington Post.
A major casino corporation
In 2014, Iranian hackers disrupted computers at Las Vegas Sands, a casino company owned by Adelson that controls the Venetian and Palazzo resorts in Las Vegas, according to James Clapper in 2015. Clapper was then director of national intelligence.
Spying and stealing
Iranian government-affiliated hackers have also used hacking skills to spy on the US and steal intellectual property. While considered cyberattacks, these operations show the range of state-sponsored hacking in Iran.
In 2018, the US government indicted a group of nine Iranian hackers working for on charges of stealing intellectual property from hundreds of universities around the world, including 144 in the US. The theft was often done on behalf of Iranian military and government clients, the US Department of Justice said in its indictment. The theft involved $3.4 billion worth of research from US universities.
An alleged Iranian espionage campaign used Facebook to target members of. Using information passed to them by Monica Witt, a former member of the US Air Force, Iranian spies created fake accounts and attempted to trick Witt's former co-workers into downloading malicious software that would let spies access their computers.