Israel's cyber defense chief expressed serious concern over suspected Iranian hackers claiming responsibility for a series of recent attacks on Israeli security cameras. He believes that Iran may escalate its covert battle with Israel in cyberspace by launching more significant attacks on infrastructure, especially as the ongoing conflict between Israel and Hamas shows no signs of resolution. Gaby Portnoy, the head of the Israel National Cyber Directorate, acknowledged that Iran sees cyberspace as a realm where it can operate with greater freedom than in physical space. However, he gave assurances that Israel is doing everything it can to prepare for such threats.
Portnoy stated that there would be consequences for any Iranian escalation in cyberspace, suggesting that Israeli hackers may retaliate with their own actions. However, Portnoy, who is responsible for cyber defense rather than offense, emphasized his aim to prevent cyberspace from becoming another battleground in the Israel-Hamas conflict.
Iranian hacking groups have proven their proficiency in incapacitating computer systems at companies in Israel, Saudi Arabia, and other Middle Eastern countries. Israel also possesses its own elite cyber operatives who, together with the US, are widely suspected of launching a cyberattack on an Iranian nuclear facility in 2009. Covert Israeli cyber operations against Iran have continued in recent years.
Since the Hamas terrorist attacks on Israel four weeks ago, suspected Iranian hackers have been responsible for hacking numerous security cameras in Israel. Additionally, they have posted a video tutorial on social media demonstrating how to make Molotov cocktails to target the Israeli and American embassies. Private cybersecurity experts who monitor these hackers, along with CNN's investigation of the social media posts, have confirmed these claims. Cybersecurity analysts believe that Iran is utilizing this digital aggression as another means to exert power in the ongoing war. This approach complements the rocket and drone attacks conducted by Lebanese militia Hezbollah on Israeli forces, as well as similar strikes by Iranian proxies against US troops in Syria and Iraq.
Portnoy claimed that Hezbollah-linked hackers have breached private security cameras in Israel in an attempt to monitor Israeli soldiers' activities in recent weeks. Thus far, the alleged Iranian hackers have had limited effects on their intended targets within Israel over the past month. Their objective appears to revolve around disseminating narratives in the media that highlight Israel and the United States' susceptibility to cyberattacks.
But the recent series of cyber attacks by Iran has prompted concerns among officials from the United States and Israel. They fear that Tehran could utilize its significant hacking capabilities to target the interests of both Israel and the US without engaging in direct physical conflict. Currently, according to CNN, the US intelligence community believes that Iran and its proxies are carefully strategizing their response to the Israel-Hamas war, intending to avoid direct confrontation while still inflicting costs on their adversaries.
Data-wiping attacks blocked
Last week, US cybersecurity firm Palo Alto Networks reported that they had successfully thwarted multiple attempts by Iranian hackers to carry out data-wiping attacks on numerous Israeli academic organizations and technology providers. This serves as a stark reminder of the potential for escalating cyber warfare.
Security experts have revealed that Hamas possesses its own cyber capabilities, which it has previously utilized to spy on Israel and Arab governments. However, there has been a marked decrease in their activities during the most recent Israel-Hamas conflict. This can be attributed to the destruction of internet infrastructure in Gaza as a result of Israeli airstrikes.
US officials have further strengthened their ties with Israel in the realm of cyberspace following the Hamas attack by promptly exchanging intelligence regarding any emerging cyber threats. FBI Director Christopher Wray has expressed apprehension regarding potential escalation in cyberspace.
Wray informed a Senate panel on Tuesday that the ongoing cyber targeting of American interests and crucial infrastructure, which is already being conducted by Iran and non-state entities, is likely to worsen if the conflict expands. Consequently, the risk of kinetic attacks will also increase.
According to Eric Goldstein, a senior official at the US Cybersecurity and Infrastructure Security Agency, there has been no discernible change in the threat environment faced by American organizations. However, there is still a state of heightened alert. One reason for US officials' concern is the perceived recklessness and unpredictability of Iranian cyber operations, which differentiates them from other digital adversaries. In 2021, the FBI accused Iranian government-backed hackers of attempting to breach Boston Children's Hospital, although no patients were put at risk. Tehran, however, denied these allegations.
US officials have been preparing for the possibility of Iranian hackers launching a disruptive attack on critical US infrastructure, according to a senior US official who spoke on the condition of anonymity to CNN. The official noted that although there is a disparity between Iran-backed hackers' capabilities and their rhetoric, they are known to be reckless and lack sophistication in their tactics.
CNN made multiple attempts to reach the Iranian Permanent Mission to the United Nations for this article but did not receive a response.
The maturation of Iran's cyber program
Self-proclaimed "hacktivist" groups, which experts from US cybersecurity firms Mandiant and CrowdStrike believe are actually Iranian fronts, have been claiming responsibility for numerous recent hacking attempts against Israeli and US organizations in support of Hamas, as per CNN. According to Mandiant's chief analyst, John Hultquist, the significance of these cyberattacks lies in their psychological impact rather than their practical effects.
On October 20, an individual purporting to be associated with a group called Soldiers of Solomon contacted a CNN reporter. They claimed to have hacked security cameras in a southern Israeli city. Additionally, the supposed hacker requested the contact details of other reporters, emphasizing the urgency of informing them about their increasing popularity.
Portnoy informed CNN that Israel holds the belief that Soldiers of Solomon has support from Iran's Islamic Revolutionary Guard Corps. Multiple cybersecurity researchers agree with this assertion, although they refrain from publicly commenting due to fear of reprisal. According to Adam Meyers, the senior vice president of intelligence at CrowdStrike, these online personas enable Iran to seamlessly blend in with numerous other pro-Palestine hackers in the ongoing information war accompanying Israel's invasion of Gaza.
According to CNN, Iran has developed the ability to create new personas with fresh tactics, techniques, and procedures without compromising pre-existing cyber operations. Although China and Russia tend to receive more focus in US cyber policy discussions, Iran has gradually assembled a group of skilled hackers who frequently work as contractors for the Islamic Revolutionary Guard Corps and Iran's intelligence ministry, as confirmed by US officials and experts.
The Israeli cybersecurity company, Check Point, recently revealed a purportedly ongoing Iranian cyber-espionage operation that targeted governments, IT and financial companies throughout the Middle East, including Israel. Although the hacking campaign predates the recent conflict in Gaza, it could potentially supply Tehran with valuable information on how regional governments are reacting to the war.
This campaign is "maybe the most sophisticated we have seen from Iran on a technological level," Sergey Shykevich, threat intelligence group manager at Check Point, told CNN.