Iran's hackers keep a low profile after Israeli and US strikes
June 27 (Reuters) - After Israeli and American forces struck Iranian nuclear targets, officials in both countries sounded the alarm over potentially disruptive cyberattacks carried out by the Islamic Republic's hackers.
But as a fragile ceasefire holds, cyber defenders in the United States and Israel say they have so far seen little out of the ordinary – a potential sign that the threat from Iran's cyber capabilities, like its battered military, has been overestimated.
There has been no indication of the disruptive cyberattacks often invoked during discussions of Iran's digital capabilities, such as its alleged sabotage of tens of thousands of computers at major oil company Saudi Aramco in 2012, or subsequent break-ins at U.S. casinos or water facilities.
"The volume of attacks appears to be relatively low," said Nicole Fishbein, a senior security researcher with the Israeli company Intezer. "The techniques used are not particularly sophisticated."
Online vigilante groups alleged by security analysts to be acting at Iran's direction boasted of hacking a series of Israeli and Western companies in the wake of the airstrikes.
A group calling itself Handala Hack claimed a string of data heists and intrusions, but Reuters was not able to corroborate its most recent hacking claims. Researchers say the group, which emerged in the wake of Palestinian militant group Hamas' October 7, 2023, attack on Israel, likely operates out of Iran's Ministry of Intelligence.
Rafe Pilling, lead threat intelligence researcher at British cybersecurity company Sophos, said the impact from the hacking activity appeared to be modest.
'As far as we can tell, it's the usual mix of ineffectual chaos from the genuine hacktivist groups and targeted attacks from the Iran-linked personas that are likely having some success but also overstating their impact,' he said.
Iran's mission to the United Nations in New York did not respond to a request for comment. Iran typically denies carrying out hacking campaigns.
Israeli firm Check Point Software said a hacking campaign, opens new tab it ties to Iran's Revolutionary Guards has in recent days sent phishing messages to Israeli journalists, academic officials and others.
In one case, the hackers tried to lure a target to a physical meeting in Tel Aviv, according to Sergey Shykevich, Check Point's threat intelligence group manager. He added that the reasoning behind the proposed meeting was not clear.
Shykevich said there have been some data destruction attempts at Israeli targets, which he declined to identify, as well as a dramatic increase in attempts to exploit a vulnerability in Chinese-made security cameras – likely to assess bomb damage in Israel.
The pro-Iranian cyber operations demonstrate an asymmetry with pro-Israeli cyber operations tied to the aerial war that began on June 13.
In the days since the start of the conflict, suspected Israeli hackers have claimed to have destroyed data at one of Iran's major state-owned banks. They also burned roughly $90 million in cryptocurrencies that the hackers allege were tied to government security services.
Israel's National Cyber Directorate did not return a message seeking comment.
Analysts said the situation is fluid and that more sophisticated cyber espionage activity may be flying under the radar.
Both Israeli and U.S. officials have urged industry to be on the lookout. A June 22 Department of Homeland Security bulletin warned that the ongoing conflict was causing a heightened threat environment in the U.S. and that cyber actors affiliated with the Iranian government may conduct attacks against U.S. networks.
The FBI declined to comment on any potential Iranian cyber activities in the United States.
Yelisey Bohuslavskiy, the cofounder of intelligence company Red Sense, compared Iran's cyber operations to its missile program. The Iranian weapons that rained down on Israel during the conflict killed 28 people and destroyed thousands of homes, but most were intercepted and none significantly damaged the Israeli military.
Bohuslavskiy said Iranian hacking operations seemed to work similarly.
'There is a lot of hot air, there is a lot of indiscriminate civilian targeting, and - realistically - there are not that many results,' he said.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Daily Mail
12 minutes ago
- Daily Mail
British 'cyber-security student' faces decades in US prison if convicted for 'hacking dozens of firms in £18m international crime spree'
A British cyber-security student has been charged in the US over allegedly leading a hacking scheme that caused more than £18 million of damage around the world. Kai West, who prosecutors say went by the names Kyle Northern and IntelBroker, was arrested in France in February. He allegedly used his 'IntelBroker' identity to steal from large companies and sell data online. The US is now seeking his extradition on charges of conspiracy to commit computer intrusion and wire fraud, accessing a protected computer to obtain information and wire fraud. He faces sentences of up to 20 years if found guilty. FBI assistant director in charge Christopher G Raia said the charges followed a 'years-long' scheme to steal data and sell it for 'millions in illicit funds'. He said the scheme had caused victims losses of at least £18.2 million worldwide. West is alleged to have stolen and sold the data whilst studying cyber security at a UK University. The indictment alleges West and his co-conspirators had sought to collect around £1.4 million by selling stolen data. Among more than 40 victims listed in the indictment were a telecommunications company, a municipal healthcare provider and an internet service provider. US Attorney Jay Clayton thanked British, French, Spanish and Dutch authorities for their assistance in the investigation. West allegedly hacked into computer systems to gain access to customer lists and marketing data, which he then stole for profit, according to the indictment. He is alleged to have stolen data from at least six major victims, including a U.S. federal agency, a municipal government healthcare provider, a US-based telecommunications provider and a large internet service provider. While none of the victims were identified, IntelBroker claimed data breaches at a number of technology companies in recent years, including Advanced Micro Devices Inc, Cisco Systems Inc and Hewlett Packard Enterprise Co, Bloomberg reported. In June last year, AMD was investigating claims that company information has been stolen in a hack. It came after IntelBroker reportedly said he breached its systems on a site called 'BreachForums', where hackers sell stolen data from companies around the world. The hacker forum was launched in 2022 and shut down in 2023, when a man named Conor Brian Fitzpatrick was arrested for running the site. Fitzpatrick was later sentenced to 20 years supervised release in January 2024, although he is set to be resentenced next month after an appeals court ruled that his punishment was too lenient. Four people suspected of being administrators of the forum were arrested last week in Paris. West allegedly offered data for sale about 41 times between 2023 and 2025, prosecutors have said. He allegedly also offered to distribute stolen information for free around 117 times, according to the indictment. Investigators discovered West's identity after an undercover FBI agent purchased stolen data from 'IntelBroker' and followed the Bitcoin payment to an account linked to West. An account used by West for cryptocurrency was also registered to an email which also received messages from the UK university where West was studying. Neighbours of Kai West today spoke of their shock at his arrest as they described him as a 'harmless', 'friendly' and 'helpful' young man. One said that he used to help him when his computer broke down, while the landlord of the local pub said he apologised for a drunk friend's behaviour after being kicked out of the establishment. West's parents' house is £355,000 thatched cottage in Andover, Hampshire. While no-one at the house today was prepared to speak, others who knew him spoke in glowing terms. Neighbour Tom Bartman, 43, said that the family seemed happy and normal. The car electrician who's lived in Andover since 2016 said: 'It's a shame what's happened, actually, he's a clever chap. 'I expect he was [interested] about something. 'I can't say a bad word about him, parents as well. He's a great chap, quite friendly and helpful.' On whether he thought there were any signs West could turn out to be a criminal mastermind, he said 'No, no, no, no, no'. He said: 'I know he was good at computers, sometimes he was helping us with some stuff. 'I know he was quite clever actually - he's a clever chap.' He said that West helped him when his computer broke down a few years ago. 'I had a problem when something packed up, I'm an electrician, I'm good with diagnostic but when something broke down he was able to repair it,' Mr Bartman said. The landlord of the nearby Hare and Hounds pub, who did not want to share his name, said he took over this role almost five months ago and West had been in on a few occasions. Speaking of the alleged hacker's intelligence, he said: 'I can't imagine him doing well in interviews, but he had the skills. 'It's a shame actually, a real shame, I'm sure he won't have done anything malicious.' He said: 'He didn't seem normal, but he seemed harmless. 'I had a friend here who's got a Romanian girlfriend and [West] was pretending he could speak Romanian. 'I haven't seen him in a long time, I've got a feeling his parents didn't like him drinking, it didn't affect him very well. 'I was just told that his parents only let him have one or two drinks. 'The last manager knew of that.' The landlord said that there was an incident soon after he started the job - West had three or four drinks, and someone told him that he's not allowed to drink that much. West hadn't caused any problems, but this made the landlord think that he 'had a sheltered childhood'. He continued: 'He did seem like a nice lad. 'His friend got too drunk and they both got told to leave and he came back very polite and apologetic.' A LinkedIn account in the name of West's alleged alias 'Kyle Northern' claimed to have worked at the National Crime Agency for two months in 2019. It claimed he studied at Winchester University in 2020, after studying at Basingstoke College of Technology in 2019. The account also listed 'ethical hacking' as one of the person's skills. The NCA told The Times that 'this individual has never been affiliated to, or employed by, the National CrimeAgency'. A Facebook account with the same alias claimed to have been connected to the HackerOne cybersecurity company.
Daily Mail
18 minutes ago
- Daily Mail
MARK DUBOWITZ: Iran's 'missing' uranium stockpile... and how the Mullah's devious last-ditch scheme to hide it has fooled the world
More than five days after President Donald Trump ordered unprecedented US strikes on three Iranian nuclear facilities, Americans are just now starting to receive the first sober analysis of the attacks. Though the assessments are not coming from the US government and, especially, not from the mainstream American media.
Telegraph
26 minutes ago
- Telegraph
Iran still has enriched uranium, Israel admits
Iran still possesses enough nuclear material to build a bomb despite recent air strikes, a senior Israeli military official has said. He also told reporters there were 'concerns' that Tehran would rush to build a crude nuclear weapon now that the conflict between the two nations was over. The comments came as Abbas Araghchi, Iran's foreign minister, rejected claims by Donald Trump that it would resume nuclear talks with the US next week. On Wednesday, Iran's parliament approved legislation to suspend all co-operation with the International Atomic Energy Agency (IAEA), the UN nuclear watchdog. The senior Israeli defence official said on Friday: 'We understand that there is still enriched material in Iran.' They added that the Israel Defense Forces would strike the Islamic Republic again if it detected future efforts to develop a nuclear weapon. A ceasefire deal was agreed earlier this week to end the 12-day conflict between Israel and Iran. The US also carried out strikes on Iranian nuclear sites, including using bunker-busting bombs on the fortified Fordow enrichment facility. Mr Trump claimed the raid caused 'total obliteration' and that it would take 'decades' for Iran to rebuild its nuclear programme. The US president and senior administration officials also launched scathing attacks on reported leaks of US intelligence which suggested the campaign only set back Iran's ambitions by months. But while praising the accuracy of the US's B2 stealth bombers in the strikes, the Israeli official said the prospect of Iran using its surviving enriched uranium to fashion a crude nuclear warhead in secret was 'a concern'. 'It's very hard to find every gram of enriched material,' he said. 'We are tracking this, also with our allies.' He suggested that controlling whatever nuclear fuel Iran possesses could be best done through diplomatic channels. Shortly before the conflict began, the IAEA said it believed Iran possessed just over 408kg of uranium enriched to at least 60 per cent. Further enriching the material to weapons-grade, around 80 to 90 per cent, is a relatively short process. The watchdog said this could be enough for Iran to build 10 nuclear bombs. Even before the campaign began, the prospect of Iran producing a warhead and then miniaturising it to mount a ballistic missile without detection was considered nearly impossible. However, there have long been concerns that it could build a functional warhead that could be delivered manually, such as by boat or truck, undetected. On Thursday, it was reported that two European governments believed the stockpile was not at the Fordow site at the time of the strike on Sunday. Mr Trump had claimed during this week's Nato summit that talks between Iran and the US would begin next week. But speaking during a television interview, Mr Araghchi said: 'Don't take Trump's words seriously. No agreement for renewed negotiations has been made.' He added that Iran was 'reviewing its policies' following the attacks but said it was 'too early to judge whether successful negotiations are possible.' The foreign secretary also admitted that US and Israeli attacks on Iran's nuclear sites had caused 'serious damage,' although he said the full extent remained unclear as the country's Atomic Energy Organisation continued to assess the situation. 'These damages were not minor, and serious harm has been inflicted on our facilities,' he added. Rafael Grossi, the International Atomic Energy Agency (IAEA) chief, said he had written to the Iranian government requesting permission to travel to the country and to resume nuclear inspections. Tehran previously claimed it moved its enriched uranium before the US strikes, and Grossi said inspectors needed to check the stockpiles. 'We need to return. We need to engage,' he said. However, Mr Araghchi said Iran had 'no plans to receive' Mr Grossi. On Wednesday, Iran's parliament passed a new law suspending all co-operation with the IAEA, including removing monitoring cameras from nuclear sites and banning the watchdog's inspectors from entering the country. Providing any reports to the agency is also now illegal. The legislation passed with 222 votes in favour and none opposed. Mohammad Bagher Qalibaf, the Iranian parliament's speaker, said the country's nuclear programme would now be pursued with 'greater speed.' Iran's foreign ministry also claimed that if Europe activated a 'snapback' mechanism to restore UN sanctions, it would be committing a 'historic mistake' that would 'completely eliminate Europe's role' in nuclear talks. On Thursday, Sergei Lavrov, Russia's foreign minister, said that Moscow wanted Iran to continue co-operating with the IAEA, putting pressure on Tehran to reverse course. On Friday, the fragile ceasefire appeared to be holding despite both sides blaming each other for violating it. Across Iran, officials continued to celebrate what they described as a 'victory' over Israel and the US. Meanwhile, the Islamic Revolutionary Guard Corps has announced that funerals for senior commanders killed in the Israeli attacks will be held on Saturday. It is unclear if Ali Khamenei, the country's supreme leader who usually leads prayers for senior officials, will attend.
