US military cyber forces launched a strike against Iranian military computer systems on Thursday as President Donald Trump backed away from plans for a more conventional military strike in response to Iran's downing of a US surveillance drone, US officials said Saturday.
Two senior defense officials said that the cyberattack – a contingency plan developed over weeks amid escalating tensions – was conducted with approval from President Donald Trump. A third official confirmed the broad outlines of the strike, saying that the targeted strike on the Iranian Revolutionary Guard's computer-controlled weapons systems had been planned over weeks.
The IRGC, which was designated as a foreign terrorist group by the Trump administration earlier this year, is a branch of the Iranian military which answers directly and solely to Iranian Supreme Leader Ayatollah Ali Khamenei.
The action by US Cyber Command was a demonstration of the US's increasingly mature cyber military capabilities and its more aggressive cyber strategy under the Trump administration. Over the last year, US officials have focused on persistently engaging with adversaries in cyberspace and undertaking more offensive operations.
Meanwhile, Iran has increased its offensive cyberattacks against the US government and critical infrastructure.
In recent weeks, hackers believed to be working for the Iranian government have targeted US government agencies, as well as sectors of the economy, including oil and gas, sending waves of spear-phishing emails, according to representatives of cybersecurity companies CrowdStrike and FireEye, which regularly track such activity.
Tensions have escalated between the two countries ever since the US withdrew last year from the 2015 nuclear deal with Iran and began a policy of "maximum pressure." Iran has since been hit by multiple rounds of sanctions.
The cyberattacks are the latest chapter in the US and Iran's ongoing cyber operations targeting each other.
"Both sides are desperate to know what the other side is thinking," said John Hultquist, director of intelligence analysis at FireEye. "You can absolutely expect the regime to be leveraging every tool they have available to reduce the uncertainty about what's going to happen next, about what the US's next move will be."
The Iranian actor involved in the cyberattack, dubbed "Refined Kitten" by CrowdStrike, has for years targeted the US energy and defense sectors, as well as allies such as Saudi Arabia and the United Arab Emirates, said Adam Meyers, vice president of intelligence at CrowdStrike.
The US Department of Homeland Security said in a statement released Saturday that its agency tasked with infrastructure security has been aware of a recent rise in malicious cyber activities directed at US government agencies by Iranian regime actors and proxies.
Cybersecurity and Infrastructure Security Agency Director Christopher C. Krebs said the agency has been working with the intelligence community and cybersecurity partners to monitor Iranian cyber activity and ensure the US and its allies are safe.
"What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you've lost your whole network," Krebs said.
The National Security Agency would not discuss Iranian cyber actions specifically, but said in a statement to the AP on Friday that "there have been serious issues with malicious Iranian cyber actions in the past."
"In these times of heightened tensions, it is appropriate for everyone to be alert to signs of Iranian aggression in cyberspace and ensure appropriate defenses are in place," the NSA said.
Iran has long targeted the US oil and gas sectors and other critical infrastructure, but those efforts dropped significantly after the nuclear agreement was signed. After Trump withdrew the US from the deal in May 2018, cyber experts said they have seen an increase in Iranian hacking efforts.
"This is not a remote war (anymore)," said Sergio Caltagirone, vice president of threat intelligence at Dragos Inc. "This is one where Iranians could quote unquote bring the war home to the United States."
Caltagirone said as nations increase their abilities to engage offensively in cyberspace, the ability of the United States to pick a fight internationally and have that fight stay out of the US physically is increasingly reduced.
The Defense Department refused to comment on the latest Iranian activity. "As a matter of policy and for operational security, we do not discuss cyberspace operations, intelligence or planning," Pentagon spokeswoman Heather Babb said in a statement. The White House did not respond to a request for comment.
Despite the apparent cyber campaign, experts say the Iranians would not necessarily immediately exploit any access they gain into computer systems and may seek to maintain future capabilities should their relationship with the US further deteriorate.
"It's important to remember that cyber is not some magic offensive nuke you can fly over and drop one day," said Oren Falkowitz, a former National Security Agency analyst. It takes years of planning, he said, but as tensions increase, "cyber impact is going to be one of the tools they use and one of the hardest things to defend against."