US hospitals and essential infrastructure are reportedly on alert, anticipating Iran-backed cyberattacks in response to the US strikes on Iran's nuclear facilities.  In the days since the 21 June strikes, the US power grid’s cyberthreat-sharing monitor has reportedly begun monitoring the dark web for signs of Iranian activity, and hospital executives have been briefed by the US Federal Bureau of Investigation (FBI).

While Iran and Israel are abiding by a shaky ceasefire agreement, experts have warned that Tehran may still seek revenge against the US for its involvement in the war, beyond attacks on US bases in the region.  Cyberattacks allow Tehran to target the US in a way that is not limited by the countries’ geographical distance and follows a previous pattern of the regime.  The FBI blamed Tehran for a 2021 cyberattack against a Boston children’s hospital.[1]

“Iran’s kinetic retaliation is already in motion, and the digital dimension to that may not be far behind,” Adam Meyers, a senior vice president at cybersecurity firm CrowdStrike, told CNN.  “This cyber element is what lets them extend their reach, and there’s an air of deniability to it.”

Department of Homeland Security (DHS) intelligence analysts have also previously warned that Iran may “target” US officials if Tehran believes the regime is at risk, according to a DHS bulletin from 22 June.

“Low-level cyber-attacks against US networks by pro-Iranian hacktivists are likely, and cyber actors affiliated with the Iranian government may conduct attacks against US networks,” DHS said in a recent public advisory.

The warnings to hospitals and essential infrastructure also came only a day before the Associated Press (AP) reported that US banks, defense contractors, and oil industry companies have come under attack by Tehran-supporting pro-Palestinian hackers.  Two pro-Palestinian hacking groups claimed responsibility for attacks on over a dozen aviation firms, banks and oil companies since the US strikes, AP reported.

Iran's cyberattacks against Israel

Beyond targeting the US, Tehran may continue its war against Israel with cyberattacks.  On Friday morning, ahead of the US attacks, the National Cyber Directorate issued an urgent warning to homeowners with security cameras and to business owners to immediately change their camera access passwords.  "The enemy may use home cameras for espionage and detecting vulnerabilities," the Directorate’s official statement cautioned.

Since the warning, the Iranian group Handala claimed responsibility for the 22 June hacking of the X/Twitter account of the Israel Antiquities Authority.  The activists made a post on the Israel Antiquities Authority's X page, with a picture of an Iranian missile and Supreme Leader Ayatollah Ali Khamenei, along with text that read "Soon, all Israeli commanders will face the consequences of their war crimes.  Nothing will stop the day when a harsh revenge is exacted on those who have committed such heinous acts."

Handala has previously claimed responsibility for cyberattacks against Israel.  In January, the Iranian group claimed responsibility for breaching the emergency systems of Maager-Tec at 20 kindergartens across Israel, playing rocket sirens, Arabic messages, and songs that support terror.

Handala is a cyber hacking group that has consistently targeted Israeli infrastructure and entities.  Known for its advanced techniques and strategic objectives, Handala has been responsible for numerous cyberattacks aimed at disrupting Israeli systems and sending politically charged messages.  Their operations often involve breaching security protocols, taking control of digital assets, and publicizing their attacks to instill fear and propagate their ideological stance.

This article is shared with permission at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC).  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com    

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://register.gotowebinar.com/register/5207428251321676122

[1] https://www.jpost.com/middle-east/iran-news/article-858910
