Iran ready to launch cyber attacks against the west, warn threat intelligence specialists

Iran to respond to sanctions with a new wave of cyber attacks on banks, governments and critical infrastructure

Iran is gearing up to launch a new wave of cyber attacks against Western government organisations and businesses.

To do this, it has developed a sophisticated 'hacker hierarchy' over the years to respond to international sanctions or provocations with offensive cyber campaigns.

These are the claims of Levi Gundert, vice president of intelligence and strategy at threat-intelligence firm Recorded Future. He describes the situation as a "continuous effort" from Iran to undermine its enemies.

Since 2009, the country's government has been using proxies and front organisations to launch cyber attacks on enemies in a bid to achieve its foreign policy goals.

Typically, they use a tiered approach that is managed by an ideologically and politically trusted group of middle managers

The news comes as the country faces renewed sanctions over fears that the country is still illegally developing nuclear weapons, despite an international agreement signed in 2015.

Now, according to Recorded Future, Iran could respond to new international sanctions by launching a string of cyber attacks on Western businesses. It claims this could happen "within months".

In a new report, Gundert writes that these attacks are likely to target economically valuable areas, such as banks and financial services, as well as government departments, critical infrastructure providers, and oil and energy.

Over the years, the country has developed a "deliberate" and "methodical" cyber attack approach, Gundert claims. The research claims it still uses this technique, but will have to rely on less trusted contractors instead.

"We assess that staffing these operations with less trusted contractors could result in a scenario where the Islamic Republic has difficulty controlling the scope and scale of the destructive cyberattacks once they have begun," explained the researchers.

According to a former Iranian hacker, more than 50 contractors could be involved in these attacks. "But only the best individuals or teams succeed, are paid, and remain in business," explained the firm.

Typically, they use a tiered approach that is managed by an ideologically and politically trusted group of middle managers.

"This creates a quasi-capitalistic system that pits contractors against each other for influence with the Iranian government," say the researchers.

Because the Iranian government operates with the frame of mind that nobody can be trusted, individuals with the best offensive cyber capabilities are normally mutually exclusive.

"According to Insikt Group's source, to find and retain the best offensive cyber talent, Iranian government contractors are forced to mine closed-trust communities," wrote the research team.

"The links between the forums and contractors may illustrate that the trust communities begin with the Iranian security forums."