Page 112 - Cyber Defense eMagazine February 2024

P. 112

Furthermore, there have now been more than 100 attacks against U.S. and allied forces based in Iraq
and Syria since mid-October, and repeated attacks by the Houthis based in Yemen. According to US
defense officials, more than 100 drones and missiles have been fired in recent weeks against vessels, in
addition to targeting Israel and flying through Saudi territory. In response, Washington announced the
establishment of a multinational naval task force, dubbed Operation Prosperity Guardian, to support
freedom of navigation in key Red Sea waterways. The operation is set to include Bahrain, Canada,
France, Greece, Italy, the Netherlands, Norway, Seychelles, Spain, and the United Kingdom, U.S.
officials said, although details are still murky and there remains ongoing confusion about what it will look
like. Italy, for example, has said it is sending a frigate to the Red Sea under its long-standing plans – not
as part of Operation Prosperity Guardian. Several other countries also agreed to take part in the task
force but preferred to remain anonymous or not join the American command structure – for example Arab
countries depend on freedom of navigation but don’t want to be seen as defending Israel just now, since
the Houthis are linking their attacks to Israeli war on Hamas in the Gaza strip.

America’s broad approach has so far been primarily reactive in nature and limited in scope, though media
reports suggest at least some debate within the U.S. President Biden’s administration over a more robust
response. Those calls will likely increase in the event of a major incident like successful targeting of U.S.
flagged allied warships or deadly attacks on coalition troops in the region or potentially even a large-scale
cyber attack. There is a continuous risk of serious escalation and Iran possess the tools to disrupt critical
infrastructure in Saudi Arabia not only by drones and rockets, as already demonstrated in the 2019
Abqaiq–Khurais attack, but also by means of cyber warfare, as demonstrated by the largescale hack of
Saudi Aramco in 2012. The Saudi Aramco incident signaled Iran’s growing cyber capabilities and
Tehran’s willingness to use them to promote its interests, particularly in its battle of influence in the Middle
East with Saudi Arabia. At the time, some countries had the capability to remotely destroy computer data,
but there were few publicly known instances of a country using them. But nowadays, Iran is among world
leaders in terms of using cyber warfare as a tool of statecraft. While Iran is not likely to escalate itself in
the Gulf and be seen as the party that breached the China-brokered peace deal with Saudi Arabia, the
pressure from China is not inhibiting Iranian actions against the West, Israel or the anti-Houthi naval
coalition. And while Hezbollah is not going to act without permission from Tehran, the Houthis and other
groups in the region can act against the same targets on their own.

The Cyber Perspective

While Iran uses its proxy forces for the grand majority of attacks on its rivals, the partial deniability
provided by cyber warfare leaves Iran’s own tools on the table, even as Iran hesitates to confront its rivals
openly by kinetic means. Iranian hackers have been repeatedly successful in gaining access to emails
from an array of targets, including government staff members in the Middle East and the US, militaries,
telecommunications companies or critical infrastructure operators. The malware used to infiltrate the
computers is increasingly more sophisticated and is often able to map out the networks the hackers had
broken into, providing Iran with a blueprint of the underlying cyberinfrastructure that could prove helpful
for planning and executing future attacks.

During the last 5 years, from the 12 biggest publicly known cyber attacks on Saudi Arabia, Iran was
responsible for 8 of them. In these attacks, Iranian Advanced Persistent Threats (APTs) like MuddyWater,

107 108 109 110 111 112 113 114 115 116 117