Offensive cyber operations were a key part of the United States and Israeli strikes that targeted Iran over the weekend, with critical infrastructure and media as key targets.
Outlets like The Jerusalem Post have called the activity the “largest cyber attack in history”. As of 2 March, global internet monitoring firm NetBlocks said Iranian internet activity has dropped to just 1 per cent of its pre-attack levels.
“The internet blackout imposed on Saturday morning continues to limit Iranians’ access to information as the war with the US and Israel widens regionally,” NetBlocks said in a post to X, alongside a graphic showing Iranian internet activity effectively falling off a cliff.
But despite these offensive operations, and no doubt inspired by the death of its leader, Ayatollah Ali Khamenei, Iran has vowed to strike back, declaring that there will be “no red lines” limiting its response. And while missiles and drones fall on targets across the region, cyber is expected to be a key battlefield in the near future.
In fact, cyber operations provide Iran with a unique opportunity to impact its opponents.
“With the US and Israeli military bombing of Iran, the cyber domain becomes a channel for asymmetric response,” Joe Saunders, founder and CEO at RunSafe Security, told Cyber Daily.
“Our infrastructure operators need to remain on heightened alert, especially since our critical infrastructure sectors are interconnected and even limited cyber incidents could have cascading economic and public safety consequences. Jordan, Bahrain, UAE, and other key spots should also be on cyber alert.”
Adam Meyers, head of counter adversary operations at cyber security firm CrowdStrike, said strikes against Iran have “shifted the cyber risk landscape”.
“CrowdStrike is already seeing activity consistent with Iranian-aligned threat actors and hacktivist groups conducting reconnaissance and initiating DDoS attacks. These behaviours often precede more aggressive operations,” Meyers said.
According to the company’s latest Global Threat Report, Iranian hackers are continuing to evolve their tactics and tradecraft and are pivoting to cloud and identity-focused operations.
“In past conflicts, Tehran’s cyber actors have aligned their activity with broader strategic objectives that increase pressure and visibility at targets, including energy, critical infrastructure, finance, telecommunications, and healthcare,” Meyers said.
David Hollingworth