Page 113 - Cyber Defense eMagazine February 2024

Cotton Sandstorm or Static Kitten have been focusing on traditional espionage targets like governmental
organizations (in the case of Saudi Arabia, the Ministry of Defense, for example), telecommunication or aviation,
but also the oil industry, transportation and critical infrastructure. Iran has been rapidly accelerating
cyberattacks since mid-2022. Moreover, Iran is now supplementing its traditional cyberattacks with a new
playbook, leveraging cyber-enabled influence operations (IO) to achieve its geopolitical aims. Supreme
National Security Council (SNSC) Secretary Rear Admiral Ali Akbar Ahmadian called for greater
cyber security cooperation among BRICS countries during a Friends of BRICS National Security Advisors
meeting in Johannesburg, South Africa last summer. Iran is likely trying to tap into Chinese and Russian
expertise in “soft war”, which is an Iranian doctrinal term that refers to the use of nonmilitary means, such
as economic and psychological pressure and information operations, to erode regime legitimacy, cultivate
domestic opposition, and propagate Western values in Iran. While Iran, like Russia, expresses the belief
that “soft war” is a tool mostly used by the West, its own actions in cyberspace and on other fronts testify to the
fact that Iran is increasingly using “soft war” as its very own tool of statecraft.

Iran’s minister of defense, Brig. Gen. Mohammad Reza Ashtiani, confirmed as much in a speech to his
country’s defense officials last year, in which he outlined that, given the current complex security situation
in the Middle East, Iran had to redefine its national defenses beyond its geographic borders. According
to Mr. Ashtiani, that means utilizing new warfare strategies, including the use of space, cyberspace and
other means.

Iran is showing fast-evolving capabilities as it has narrowed the gap with other powers opposing the West,
like Russia and China. Iranian hackers used the relief from pressure provided by the nuclear deal and
focused their energy on regional targets like Saudi Arabia, where they have consistently been trying to
embed themselves in critical networks in order to prepare vectors of attack should the regime command
the IRGC and the Ministry of Intelligence to do so.

Iran has also seemingly concluded that the Houthis’ experiment in the Red Sea has been so successful
that it bears repeating in the Mediterranean and in other waterways. “They shall soon await the closure
of the Mediterranean Sea, [the Strait of] Gibraltar and other waterways,” Brig. Gen. Mohammad Reza
Naqdi, the coordinating commander of Iran’s Islamic Revolutionary Guard Corps, told Iranian media on
Dec. 23, apparently referring to the international community. Since Iran does not possess the kinetic strike
capability to hit targets that far away, we can assume he’s referring to Iran’s cyber capabilities and the
regime’s apparent willingness to use them should Tehran feel threatened, which can easily happen in a
tense situation like the one that exists in the region nowadays.

Iran’s growing expertise and willingness to conduct aggressive cyber operations make it a major threat
to the security of U.S. and allied networks, data and critical infrastructure. Iran’s opportunistic approach
to cyber attacks makes operators of critical infrastructure and logistical hubs susceptible to being targeted.
In December, IRGC-affiliated hackers were able to exploit PLCs in multiple sectors, including U.S. water
and wastewater systems facilities. Since Iran often uses cyber as a pillar of deterrence, this cyber attack
may have been a warning of possible retaliation by cyber means, should Iran’s enemies overstep
boundaries laid by the regime. The logistics industry, being a critical part of infrastructure, confronts
substantial risks from advanced threat actors from Iran and beyond. Data we have recently published on
the industry reveals a consistent pattern of attacks, with a clear emphasis on developed economies and
major global logistics hubs. Although it is true that the detection of APT campaigns has declined, a correlation




