
Iran’s retaliation against the US passes through fake news and cyber attacks

Iran’s retaliation against the United States also exploits the Internet and fake news. BuzzFeed News: People are spreading false and unverified information about the missile attack on US bases in Iraq

Iran’s retaliation against the United States also exploits the Internet and fake news. As BuzzFeed News reported, “people are spreading false and unverified information about Tehran’s missile attack on US Bases In Iraq. Don’t be fooled”. The outlet has just compiled a running list of falsehoods and unverified information following the attack. The online propaganda experts found that it’s too early to tell whether there have been any casualties and, if so, how many. Current reports of casualties are unverified. Furthermore, many outdated photos are being spread. These are images of older attacks, not the latest one, according to Google reverse image search. The same issue applies to the videos, taken in different countries and on different dates. Finally, some people received false text messages claiming they had been drafted.

Tehran’s hackers are working to spread propaganda via fake news, to amplify the echo of the physical attacks on the ground, and to hit United States critical infrastructure, especially Industrial Control Systems

After the killing of General Qassem Soleimani, Iran activated its cyber army to hit the United States. One branch is working to spread propaganda via fake news, to amplify the echo of the physical attacks on the ground. The other aims to launch waves of cyber attacks against American interests. They started with defacements, hacking the Federal Depository Library Program (FDLP) website. According to cyber security experts, the target was weak and of little value for Tehran’s state-sponsored hackers, but it helped fuel fear about massive incidents. The real goal is to damage critical infrastructure, in particular Industrial Control Systems (ICS). According to Fifth Domain, this would happen in five ways: distributed denial of service (DDoS) attacks; data deletion; attacks on industrial control systems; information operations; and cyber-espionage to enable military action.

Cyber security experts: The worst Iranian cyber attacks are the “wipers”, already used in the past. Such cyber aggression could lead to the erasure of entire civilian and military networks in a very short time

However, the worst Iranian attacks are the “wipers”, especially on industrial control systems. Indeed, these are among the main tools exploited over time by Tehran’s state hackers, so much so that they already used them in 2012 against Aramco and in 2016 against government entities and Saudi companies. Such cyber aggression could lead to the erasure of entire civilian and military networks in a very short time, with damage that cannot be estimated. It is no coincidence that Chris Krebs, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), posted a tweet warning the whole community to study Tehran’s tactics, techniques and procedures (TTPs) in cyberspace in detail. Furthermore, he urged paying particular attention to critical systems, especially ICS, and monitoring access to systems very carefully, including by third parties.

Tehran’s cyber army structure and the ZeroCleare malware

The most well-known and dangerous Iranian groups are MuddyWater, Ajax Security Team, Chafer, Infy, APT33, APT34 (aka OilRig and Helix Kitten) and Hive0081. The latter, in early December, released a new malware, ZeroCleare, created precisely for “data-wiping” attacks, that is, the deletion of data or entire databases in compromised systems. Supporting them is the RANA Institute, which also specializes in the development of malicious code and systems to infiltrate target computers. The entire structure belongs to the “Joint Cyber Army”, the cyber arm of Tehran’s intelligence, and to the Cyber Defense Command (Gharargah-e Defa-e Saiberi). This is placed under the supervision of the “Passive Civil Defense Organization”, a subdivision of the Joint Command of the armed forces.

The U.S. will also face exponential growth in Iranian cyber espionage and fake news

In addition to wiper attacks, such as ZeroCleare, cyber security experts also predict an exponential growth of Iranian cyber espionage actions against the US. This is for two reasons: on the one hand, to acquire valuable information on possible targets to hit; on the other, to try to predict and anticipate the enemy’s moves. In this regard, Tehran’s state hackers have in recent years created “sleeping” databases with thousands of secondary targets (especially employees of “interested” subjects or third-party suppliers) to be hit with phishing in order to infiltrate American networks in depth. In parallel with cyber attacks and cyber espionage, online propaganda and fake news will also spread. This will act as a force multiplier to manipulate public opinion worldwide and the mixed reactions in the international community over the US drone strike in Iraq.

Cloudflare confirms to CNN that Iranian cyber attacks against the US jumped over 50% after Soleimani’s death

The increase in Iranian cyber attacks against the US was also confirmed by Cloudflare, according to CNN. The cyber security company stated that soon after the strike that killed Soleimani, Iran-based attempts to hack federal, state and local government websites jumped 50% — and then continued to accelerate. Over the course of 48 hours, attacks traced to Iranian IP addresses nearly tripled against targets around the world. Cloudflare CEO Matthew Prince, in an interview, called the increase “statistically significant”. He added that the true number of attempts was likely higher, given that the company has a limited view of the wider internet. “That would be very atypical to happen on its own,” Prince said of the spike. “That, I think, you can safely correlate directly to the death of the Iranian general.” Even as malicious activity increased from within Iran, attacks originating from other countries also grew. That could indicate sophisticated Iranian attackers masking their true locations, or it could suggest that non-Iranian hackers are taking advantage of a chaotic situation.
