Bank hacks, internet shutdowns and crypto heists: Here’s how the war between Israel and Iran is playing out in cyberspace

“Some of the most aggressive efforts over the past week have been cyberattacks against major financial institutions in Iran and disinformation campaigns aimed at causing chaos and confusion in Israel.
A pro-Israeli hacking group known as Predatory Sparrow claimed credit for a cyberattack last week on Iran’s Bank Sepah, which caused widespread account issues for customers. The group also later claimed credit for draining around $90 million from Nobitex, Iran’s largest cryptocurrency exchange, and for posting stolen Nobitex source code lists on the social media platform X.

Hackers also targeted Iranian news stations. Videos circulated online appeared to show Iranian state TV broadcasting anti-regime messages last week.

The Iranian government shut down the nation’s internet in response to the attacks late last week, a blackout that was largely still ongoing on Sunday.

“Gaining control of the flow of information is certainly to be expected from the regime … they suspect that there is maybe an attempt to mobilize public attention,” Vatanka said.

Top Iranian officials and their security teams were also advised last week to stop using internet-connected devices, in particular telecommunication devices, to protect against potential Israeli disruptions. Last year, thousands of pagers used by the Iranian proxy militant group Hezbollah exploded across Lebanon, leaving thousands injured.

One reason Israel’s cyberattacks may have been more effective in this round of fighting is that Israel struck Iranian facilities first, giving it more time to prepare its offensive and defensive options before Iran could retaliate.

Iran and its proxy organizations are fighting back, albeit on a smaller scale. Israel’s National Cyber Directorate warned Israelis abroad on Saturday not to fill out forms on malicious websites that are seeking to gather intelligence on these individuals.

Gil Messing, chief of staff for Israeli cyber company Check Point Software, said Saturday just before the U.S. strikes that his company had tracked cyber and disinformation campaigns against Israel “escalating a bit,” though no new major attacks had been reported.

Messing said that there was a “flood of disinformation” pouring onto social media last week, including messages discouraging Israelis from entering shelters during attacks and erroneous texts about gas and supply shortages.

Israel’s civilian cyber defense agency warned that Iran was renewing its efforts to hack into internet-connected cameras for espionage purposes.

John Hultquist, chief analyst for Google Threat Intelligence Group, posted on X on Saturday shortly after the attacks that Iranian cyber forces usually use their “cyberattack capability for psychological purposes.”

“I’m most concerned about cyber espionage against our leaders and surveillance aided by compromises in travel, hospitality, telecommunications, and other sectors where data could be used to identify and physically track persons of interest,” Hultquist wrote.”

https://www.politico.com/news/2025/06/22/us-israel-iran-war-cyber-attacks-00417782

Hegseth briefly paused cyber ops against Russia as part of negotiations, GOP Rep. Bacon says

“U.S. Cyber Command paused offensive operations aimed at Russia for a day earlier this year as a negotiating tactic, House Armed Services Committee cyber subcommittee Chair Don Bacon (R-Neb.) confirmed Friday.”

“While Bacon did not elaborate on the negotiations, the pause likely happened around the time Ukrainian President Volodymyr Zelenskyy was visiting the White House to negotiate a minerals deal with President Donald Trump — a deal that fell through after a contentious Oval Office meeting.”

https://www.politico.com/news/2025/05/16/hegseth-cyber-operations-russia-pause-00354072

The nation’s cyber community is quietly rebelling against Trump’s changes

“In his first 100 days in office, President Donald Trump has taken a sledgehammer to many of the nation’s cyber-focused agencies and programs. Now, a normally apolitical community is rising up in protest.

The nation’s cyber agencies, particularly the Cybersecurity and Infrastructure Security Agency, have faced relentless cuts to programs and personnel, heightening concerns about the stability of the workforce and resiliency of U.S. capabilities.”

“The industry has long held the view that securing the nation’s most critical networks is a collective national security imperative, with private political opinions mostly kept secondary. But Trump has ushered in an era of hyperpartisanship in Washington and has rewarded public displays of allegiance to the MAGA cause, generating fury among exasperated professionals.

“With the politicization of basically everything in government, including cybersecurity, we are seeing what would be the normal course of business come under scrutiny,” said one cyber industry leader on the sidelines of the RSAC Conference, one of the largest gatherings of cyber professionals in the world. “There are a number of groups, communities if you will, that are trying to take a more aggressive approach to say, ‘Hey, we can’t be quiet or complacent anymore on the way we operate,’ because effectively good faith is no longer the tone that is being taken.””

““Nobody should be blackballed for doing their job,” said a third industry leader. “That’s the situation we have right now — widespread anger that it doesn’t seem to be getting any better. And where are our industry leaders?””

https://www.politico.com/news/2025/05/03/cyber-rebellion-trump-rsa-conference-00325000

How China could try to strangle Taiwan without firing a shot

“the way we think about how China would overrun Taiwan may well be wrong. Rather than an all-out invasion, it could attempt to capture the island without firing a single shot through “gray zone” tactics. Such tactics might combine maritime blockades and advanced cyberwarfare capable of cutting off Taiwan from the lines of seaborne trade and the digital access it needs to survive. And Beijing could do so in a way that might be just far enough below the threshold of conflict that would drive Washington and its allies to come to Taiwan’s aid.”

https://www.vox.com/world-politics/390895/china-taiwan-conflict

World War War III May Already Have Started—in the Shadows

“Britain’s signals intelligence spy chief raised eyebrows this week with warnings that Russia is coordinating both cyberattacks and physical acts of sabotage against the West. There’s evidence to back her claims—and the West may be returning the favor. Coming soon after FBI Director Christopher Wray warned that China is targeting American infrastructure, it looks like the world is not only fracturing once again, but that the hostile blocs are engaged in covert warfare.”

https://reason.com/2024/05/17/world-war-war-iii-may-already-have-started-in-the-shadows/

China and Iran Have Their WikiLeaks Moment

“Millions of documents from a Chinese cybersecurity contractor and the Iranian court system revealing how both governments repress dissent abroad have been posted online over the past two weeks.”

“dozens of Chinese government agencies, from local police departments to the army, had hired I-Soon to gather information on opponents by hacking into social media platforms and foreign government databases.
The alleged targets included people from a range of regions suffering unrest: Hong Kongers, Tibetans, and Uyghurs. The United Nations has accused the Chinese government of subjecting Uyghurs to sterilization and forced labor in Xinjiang, where hundreds of thousands have been detained in “re-education camps,” a process the U.S. government considers genocide.

Where foreigners saw a horror show, security contractors saw a lucrative yet difficult business opportunity. “Everyone thinks of Xinjiang like a nice big cake…but we have suffered too much there,” an I-Soon employee complained in one internal email, according to The Guardian.

The Associated Press confirmed the leaks were real. Employees told the A.P. that Chinese police are investigating the identity of the leaker, and Google cybersecurity analyst John Hultquist speculated that the leak could have come from “a rival intelligence service, a dissatisfied insider, or even a rival contractor.””

“over 3.2 million files from the Iranian court system were posted to a searchable online database by a group known as Ali’s Justice, named for a Shiite Muslim saint. The files included secret orders and instructions on how to deal with some of Iran’s most well-known dissidents.

Iranian prosecutors had issued a secret list of Iranian athletes living abroad who should be arrested if they ever returned to Iran, according to Iran International, an opposition TV station based outside the country. Other documents included discussions on the “management” of the family of Mahsa Amini, an Iranian woman who died in police custody after being arrested for “bad hijab” in September 2022, the BBC reported.

“The [Amini] family is still on top of the matter and they have no intention of backing down,” a memo read. Iranian authorities have claimed that Amini died of a pre-existing medical condition rather than police mistreatment, and the memo predicted that it would be “very effective” if Amini’s father were to “reflect” on her illnesses in a “brief interview.””

“The hacked documents also show a fair amount of paranoia and internal discord within the Iranian government, with officials accusing each other of espionage and corruption, according to the BBC and IranWire, an investigative news site based outside the country.

Like the I-Soon leaker, the exact identity of Ali’s Justice is unclear. The group previously published security camera footage showing abuses inside Iranian prisoners in August 2021 and February 2022 and hacked into a TV station to broadcast anti-government messages in October 2022.”

https://reason.com/2024/02/27/china-and-iran-have-their-wikileaks-moment/

America’s potential Achilles’ heel in a cyber battle with China: Guam

“Chinese hackers have found a dangerous vulnerability in U.S. military computer networks nearly 8,000 miles from the Pentagon — on the serene South Pacific island of Guam.
They attacked essential infrastructure in the military outpost in May, infiltrating networks in the U.S. territory closest to China. Lawmakers and federal officials fear these attacks, which used a new method that allows intruders to linger undetected, could threaten security in the volatile region and sabotage any U.S. response to a Chinese invasion of Taiwan.”

“Officials in Guam welcome the help.

“When it comes to not just cyber, but our critical infrastructure as a whole, it’s important to realize that we are isolated,” Scott said. “We have proximity to the pacing threats, and we don’t have a lot of the resources on our own to self-sustain.””

https://www.politico.com/news/2023/09/16/potential-cyber-threat-guam-00116354

US has already lost to China in AI fight, says ex-Pentagon software chief

“Beijing is heading for global dominance because of its advances in artificial intelligence, machine learning and cyber capabilities, he said. Compared to China’s advancement, US cyber defences in some government departments were at the kindergarten level.

Chaillan blamed the reluctance of Google to work with the US defence department on AI. Chinese companies, on the other hand, are obliged to work with Beijing, and were making “massive investment” into AI without regard to ethics, he said to Financial Times.”

There’s a Big Gap in Our Cyber Defenses. Here’s How to Close It.

“The foreign hackers behind the massive cybersecurity failures dominating recent headlines had one critical strategy in common — they leased computers in the United States to burrow into their victim’s networks. Because U.S. cybersecurity systems don’t regard domestic connections as inherently suspect, the attackers were able to hide in plain sight. Like secretive investors deploying a series of shell companies and trusts to mask true ownership, Russia, China and other sophisticated nations effect cyber-maliciousness through a series of intermediary, innocuous-looking internet servers.”

“No government agency — even our powerful spy agencies — currently has a sufficiently agile legal authority to catch foreign cyber malefactors in the act of co-opting U.S. computer networks. The National Security Agency is allowed to surveil only foreign actors; pursuing them on the home front is the job of the FBI. But by the time the NSA notices suspicious foreign activity and hands the case off to the FBI, it’s often too late. The foreign malware might well have been injected into American networks, and the FBI investigation simply confirms that now-dormant internet servers in the U.S. were used by foreigners to stage their attacks.”

“The difficulty lies in resolving deeply felt concerns over any increase in government surveillance authority, no matter how important the purpose. We are also paralyzed by a sense of fatalism that cyber vulnerabilities are simply the price we pay for being online, and an erroneous belief that the Constitution stands in the way of any solution.
Most cybersecurity experts agree an effective public-private cyber information-sharing system is essential in stopping foreign cyber maliciousness before it causes too much damage. But information sharing isn’t enough; it would be hamstrung from the start if the government cannot seamlessly and quickly track malicious cyber activity from its foreign source to its intended domestic victims. If some government agency had that legal power, then it could, for example, quickly check out a domestic IP address after an alert from the NSA that the address was communicating with a suspicious overseas server. If that IP address showed questionable activity, the government and the private sector jointly could take steps to reconfigure firewalls or otherwise curtail the hack. Admittedly, this wouldn’t prevent hacks and attacks that were based on previously unknown software bugs (so-called zero-day exploits). But the reality is that most large-scale hacks by foreign countries rely on already known software imperfections and hardware deficiencies.”