Iran is increasingly relying on cyber-enabled influence operations to ignite geopolitical change in the regions of interest for the Iranian regime.
“Multiple Iranian state groups have turned to cyber-enabled influence operations more regularly since June 2022 to boost, exaggerate, or compensate for shortcomings in their network access or cyberattack capabilities,” Microsoft’s Threat Intelligence team said in its recent report.
According to Microsoft, Iran has accelerated its operations since last June. The company linked 24 unique operations to the Iranian government and said the rise could be partly attributed to better detection capabilities.
The rise has also corresponded with the decline of ransomware and wiper attacks linked to the Islamic Revolutionary Guard Corps (IRGC).
“The IRGC’s latest string of cyber-enabled IO in the last year has leveraged low-impact, low-sophistication cyberattacks, such as defacements, which are less time and resource intensive, while dedicating more effort to its multi-pronged amplification methods,” Microsoft said.
In the past year, Iran’s operations have been focused on bolstering Palestinian resistance, fomenting Shi’ite unrest in the Gulf, exposing corrupt or embarrassing behavior of the country’s adversaries, and countering the normalization of Arab and Israeli relations to sow panic among Israelis. In some cases, Iran has leveraged operations in retaliation for cyberattacks on its own systems.
“While lagging behind their Russian and Chinese counterparts in sophistication, Iranian nation state actors have added some new tools and techniques to their arsenal,” the company said.
According to experts, Iran has increased the speed with which it operationalizes newly reported exploits, employed a legitimate yet compromised Israeli website for command and control (C2), and used custom tooling against targets of interest
“Iran is likely to continue leveraging its newfound penchant for cyber-enabled IO to keep pace with external pressure, in part to overcome shortcomings in its cyber threat capabilities relative to the attacks it has faced. At the same time, Iranian cyber actors are likely seeking greater cyberattack capabilities to achieve the regime’s desire for proportional retaliation,” Microsoft concluded.
Source » cybernews