Iran’s Cyber Attack Timeline 2009 – 2020

January 21, 2020 10:59 am Geraldine Strawbridge Iran's Cyber Attack Timeline

Tensions between Iran and the United States are at an all-time high after the US killing of Iran’s top general, Qassim Suleimani on January 3.

Iran vowed to take immediate revenge, and in the days following Suleimani’s death, the country carried out a ballistic missile attack on Iraqi military bases housing American troops. Despite warnings from Tehran that the US would pay heavily for their role in the killing, the strikes did not result in the widescale casualties that the country had hoped.

Iran has since stated that “they do not seek escalation or war”, but speculation is mounting that the real battle will be played out in cyberspace where Iran can exact the deadly and destructive revenge that it so desperately wants.

And it appears the country has wasted no time in launching its cyber offensive. In the immediate aftermath of Suleimani’s death, Iranian attempts to hack federal, state and local government websites jumped 50%, according to network security company Cloudflare. The company also noted that over the course of 48 hours, attacks traced to Iranian IP addresses nearly tripled against targets around the world, peaking at around half a billion attempts per day.

The threat has been taken so seriously that the US Department of Homeland Security has issued several alerts to the American public warning them about possible retaliatory cyber attacks in response to the strikes.

The real worry is that Iran could launch a devastating cyber attack against US critical infrastructure targets such as power grids, water supplies, transportation networks or health services. Any attacks on these systems would be debilitating and cause widespread disruption throughout the country.

But is Iran really capable of carrying out such destructive attacks? The jury’s still out on whether Iran has developed the capabilities needed to inflict such large-scale damage, but there’s no doubt that the country has become a credible threat and has invested heavily in its cyber operations in recent years.

The below timeline details Iran’s cyberwarfare capabilities and outlines the key events that have led to the current situation.

Iran’s Cyber Attack Timeline

Iran's Cyber Attack Timeline

December 2009 – Twitter homepage hacked: In 2009, a group known as the ‘Iranian Cyber Army’ defaced Twitter’s homepage in response to the Green Movement protests. The attack forced Twitter offline for more than an hour and users were unable to log into the service or send tweets.

August 2010 – Stuxnet Virus:  The famous Stuxnet attack is widely accepted as the catalyst that propelled Iran to develop its cyber warfare operations. In one of the first ever nation-state attacks, the Americans and Israelis collaborated to stop Iran from producing Uranium that could be used in nuclear weapons. A computer worm known as Stuxnet was placed on an infected USB stick and used to gain access to the Iranian computer systems. Although it didn’t completely halt operations, it did destroy nearly 1,000 uranium enriching centrifuges and significantly reduced Iran’s nuclear capabilities.

2011 – 2013 – DDoS Attack targeting US Financial Institutions: In the aftermath of the Stuxnet attack, Iranian hackers launched a series of DDoS attacks targeting some of America’s biggest banks. 46 financial institutions including Bank of America, JP Morgan and Capital One were hit by the attack that left thousands of customers unable to access their accounts and cost the banks millions in remediation.

August 2013 – Security Breach at Bowman Dam, New York: Iranian hackers remotely took control of the command and control network of the Bowman Dam just outside New York. The hackers could have potentially released water from the dam, only that the gate had been manually disconnected for maintenance at the time.

February 2014 – Sands Las Vegas Corporation Hacked: After the owner of the corporation advocated the use of nuclear weapons against Iran, Iranian hackers retaliated by bringing down the group’s IT systems, knocking out the phone lines and wiping a large number of computers. The attack also exposed customers Personally Identifiable Information, including credit card numbers, social security numbers and driver’s licence details.

2013 – 2017 – IRGC Cyber Theft Campaign: Within a 4-year period, Iranian hackers conducted a massive cyber theft campaign that stole more than 31 terabytes of documents and data from 144 U.S. universities, 176 universities across 21 foreign countries, 47 domestic and foreign private sector companies, the U.S. Department of Labor, the Federal Energy Regulatory Commission, the State of Hawaii, the State of Indiana, the United Nations, and the United Nations Children’s Fund.

August 2017 – Shamoon Virus attack on Saudi Aramco Oil Company: The 2017 attack on the world’s largest oil company marked a shift in Iran’s cyberwarfare operations. Using Shamoon malware, the hackers were able to wipe over 30,000 computers and cost the company millions in damages.

December 2018 – Ransomware attack on Atlanta’s city government: Iranian hackers were behind the massive cyber attack that crippled the city of Atlanta in 2018. Using Sam Sam Ransomware, the attackers were able to bring down some of the city’s vital computer systems whilst trying to extort thousands from the local government. Residents were left unable to pay their water bills, court hearings had to be postponed, police were unable to file online reports and public Wi-fi at the local airport was knocked out.

October 2019 – Hacking campaign US Presidential Campaign – According to Microsoft, the Iranian hacker group ‘Phosphorous’ tried to breach accounts associated with a U.S. presidential campaign and US government officials. The attackers made more than 2700 attempts to identify consumer email accounts and hacked into 241 of these accounts.

How can organisations mitigate the threat of a cyber attack?

How can organisations mitigate the threat of a cyber attack

Whether it’s a state-sponsored cyber attack, or a domestic attack carried out by opportunistic criminals, organisations should adopt a state of heightened awareness and assess their Cyber Security defences. Employees should receive regular Cyber Security awareness training and incident response plans should be tested to ensure organisational readiness in the event of a breach.

As tensions continue to escalate between Iran and the US, The Cybersecurity and Infrastructure Security Agency (CISA) has provided advice to IT professionals on how they can defend against attack.

  • Disable all unnecessary ports and protocols
  • Enhance monitoring of network and email traffic
  • Monitor systems for phishing attacks and follow best practices of restricting attachments via email or other mechanisms 
  • Patch externally facing equipment
  • Log and limit usage of PowerShell
  • Ensure backups are up to date

Iran may not have the same cyber capabilities as the US, China or Russia but it poses a very real threat as can be seen from the timeline of attacks above. Organisations should ensure that they are taking all the necessary precautions to improve their Cyber Security posture and training staff on how to recognise sophisticated cyber threats.

MetaCompliance specialises in creating the best Cyber Security awareness training available on the market. Our software has been used by hundreds of organisations across the world to create a more cyber secure and vigilant workforce. Get in touch for further information on we can improve Cyber Security awareness within your organisation.