US-Iran Conflict: Increased Geopolitical Risk From Cyber Attacks Based Out of Iran

Jordan Young & Julian Benz ● February 28, 2020
The Ayatollah, Ali Khamenei, Directs State-led Cyber Initiatives of Iran

After the United States assassinated Major General Qasem Soleimani on January 3, 2020, many looked to Ayatollah Ali Khamenei for a response, as he is responsible for Iran’s foreign policy. Khamenei is Iran’s Supreme Leader and head of state, as well as head of the Islamic Revolutionary Guard Corps (IRGC), sworn to protect the Islamic Republic.

Soleimani reported directly to Khamenei as the head of the IRGC’s Quds Force, Iran’s special elite unit responsible for foreign operations. Additionally, the Ayatollah had a personal connection to the assassination because Soleimani was one of his most trusted advisors.


Iran Geopolitical Risk Analysis: How Will Iran Avenge Soleimani’s Death?

The assassination of Soleimani, revered by many Iranians as an exceptional military officer, led major news outlets to question whether a war would break out between the United States and Iran. Actions taken by Khamenei have led VerSprite’s Geopolitical Risk practice (GPR) to conclude that Iran seeks to retaliate through a limited response rather than escalate tensions, which could spark international conflict between the United States and Iran.


Iran’s State-Sponsored Threat Actors Can Conduct Sophisticated Cyber Attacks

The Office of the Director of National Intelligence (ODNI) claims that Iran’s Revolutionary Guard Corps (IRGC), responsible for Iran’s offensive cyber capabilities, uses increasingly sophisticated cyber attack methods. In December 2019, the National Cybersecurity Authority of Saudi Arabia attributed to Iran the use of Dustman, a new data-wiping malware, against Bapco, Bahrain’s national oil company. Dustman can disrupt computer processes and overwrite data on targeted computers. Iran’s abilities to research and target energy companies in the Middle East, as well as develop new wiper malware, demonstrate that Iran can conduct sophisticated cyber attacks.

Additionally, experts suspect Russia collaborated with Iran during the 2017 Triton attacks against a Saudi Arabian chemical company. This attack set a precedent for joint cyber-offensives. Iran’s willingness to collaborate with Russia suggests Iran learns from Russia, a country known to manage cyber-forces that conduct highly sophisticated cyber attacks.

Cyber Espionage Campaigns Originating from Iran are Likely to Increase

Cyber espionage campaigns provide Iran with strategic assets, especially in case of future conflict. They give Iran’s Revolutionary Guard Corps information on the activities of American businesses and government agencies. Furthermore, espionage campaigns allow Iran to discover vulnerabilities which would be exploited during periods of heightened conflict between Iran and the United States.

Countries such as China, North Korea, and Russia frequently target American businesses without the United States retaliating through a physical counterstrike. Hence, cyberwarfare presents an opportunity for Iran to gain strategic assets without great financial costs.

Funding a cyber division is cheaper than purchasing equipment and financing ground force deployment. Indeed, domestic counter-terrorist units already claim that cyber-based espionage attempts conducted by Iran on businesses in the United States have increased since the assassination.

VerSprite also reminds readers that the United States Cyber Command focuses on protecting critical infrastructures. Protecting American-based businesses and other institutions from espionage-based cyber attacks is unrealistic due to the number of businesses located in the United States and the finite resources of Cyber Command. Businesses should therefore consider mitigating the cyber-related geopolitical risk their companies may face, due to rising tensions with Iran, as their own responsibility.


Geopolitical Risk Consulting Expertise

VerSprite is a cybersecurity consulting firm which specializes in providing businesses risk management solutions. Practice areas of VerSprite include application technology solutions, development interface specializations, governance and compliance measures, and more. VerSprite’s Geopolitical Risk (GPR) practice focuses on mitigating cybersecurity risks foreshadowed by geopolitical occurrences. Organizations can learn about their threat environments by contacting VerSprite’s security experts.

Traditional services of GPR include conducting due diligence investigations, vetting vendors and partners, preparing businesses for expansion, and assessing the effectiveness of cybersecurity plans or strategies.

A Quick Guide to Geopolitical Risk [EBook]

Cybersecurity and geopolitics are inextricably linked. To holistically tackle threats to our information security, we must take a step back and examine their causal roots and drivers, which take place day after day on the international stage.