Significant increase in sophisticated, ideologically-driven attacks from Iranian sources
[ Page 42 ]
Iran has become a significant player in the cyberattack arena. Its threat is no longer confined to patriotic hackers defacing websites. Individuals, companies, and regime organs have all evolved sophisticated cyberattack capabilities and have developed global infrastruc- ture with which to expand and improve them. These capabilities are more concerning because they do not appear to have been developed primarily for mercenary reasons. They seem, rather, to be used in the service of the security and ideological interests of the regime.
The Iranian attacks against Norse sensors, together with the attacks conducted against JPMorgan Chase, Saudi Aramco, and the Sands Casino, provide a glimpse into the motivations of the hackers. These attacks were clearly not profit-driven. They penetrated three wealthy organizations and sought to destroy data rather than steal intellectual property or money. The attack on Aramco served the interests of the Iranian state directly; the one on Sands seems to have been driven by Iranian nationalism. Significant increases in attack volume on Norse sensors generally correlate with rising tensions with the West and/or perceived attacks or insults to Iran.
Iran has been developing cyber warfare capabilities for years and accelerated these efforts following the Stuxnet attack that set back their nuclear weapons program. Several large-scale hacking incidents against Western targets show that Iran is also becoming more adept and confident in conducting offensive cyber attacks to further its revolutionary aims.