Threat profile: Iran
Iran's cyber capabilities are less sophisticated than those of some of the other most active offensive nations, yet it is still able to inflict damage upon its adversaries. For this purpose, Iran maintains a unique ecosystem of proxies, including state-sponsored units, universities and contractors, to conduct its offensive cyber operations.
- Strategic motives: Espionage, information theft, disruption
- Strategic goals: Protecting the stability of the regime; achieving regional hegemony
- Cyber capabilities: ★★★☆☆
- Number of known cyber operations: ★★☆☆☆
- Number of APTs: 60
Top-10 Actors by amount of operations: Iranian APTs
SWOT analysis
Strengths, weaknesses, opportunities & threats
Strengths
- Amongst the top countries in certain technology research areas that can be used in developing offensive cyber capabilities (e.g. AI)
- Multiple contractor groups that conduct offensive cyber operations in line with the interests of the Iranian government
- Contracting cyber operators to conduct operations in the interest of the state
- Outsourcing of offensive cyber operations to universities with more knowledge and talent
Weaknesses
- Relatively basic in-house cyber capabilities
- High levels of mistrust and paranoia regarding contractors, which clash with contracting individuals who have more advanced offensive cyber capabilities
- Fewer monetary and technical resources to keep developing offensive cyber capabilities than other cyber powers (United States, China and Russia)
- Difficulties with modernizing and developing key sectors due to sanctions (e.g. agriculture, maritime and energy)
Opportunities
- Using cyberspace to protect the stability of the regime
- Conducting cyber operations against countries in the Middle East to strengthen its own information position and regional influence
- Using proxies in cyberspace to enable plausible deniability
- Using cyberspace to inflict damage upon stronger cyber powers
- Executing cyber espionage operations to modernize key industries
- Pivoting to ransomware attacks to fund cyber operations and potentially offensive cyber capability development
Threats
- Continuing target for foreign nation-state actors
- Being at the center of rivalry in the Middle East
- Targeted sanctions by the US, some of them imposed because of specific cyber-attacks