Get in Touch
Global Cyber Threat Series: Middle East
Published: 9th February 2024 | In: Insights
Following the initial invasion of Israel by the Hamas militant organisation on 7th October 2023, which was also known as ‘Operation Al-Aqsa Flood’, Iranian state-aligned threat actors launched a series of cyber operations to support their “Shadow War” against Israel. This has primarily involved targeting Israeli government entities and critical national infrastructure (CNI), as well as its geopolitical allies and business affiliates.
In short, Israel became the primary target of a suite of cyberwarfare tactics involving a combination of destructive cyber-attacks and influence operations (IO) which Iran implemented in a multi-phased approach, impacting both public and private sector entities.
Iran’s cyber operation trends
Since the Hamas incursion, the Quorum Cyber Threat Intelligence team has detected the following trends relating to Tehran-aligned cyberattacks and IO.
Cyber-attacks
- A shift towards a more proactive operational approach against Israeli entities as opposed to the reactive posture that was adopted following the initial Hamas invasion.
- A surge in coordinated Iranian advanced persistent threat (APT) unit activity within Israel throughout Q4 2023 – Q1 2024.
- An expanded scope and enhanced sophistication of offensive cyber operations targeting regions perceived to be supportive of Israel, such as Albania, Bahrain, the UAE and the US.
- Iranian state-sponsored ransomware deployment against Israeli CNI and military assets.
- Iranian APT unit targeting Middle Eastern affairs experts in the Western education sector.
Influence operations
- A surge in cyber-enabled IO with misleading claims regarding overall impact on target entities.
- Iranian state-aligned IO, launched by Cotton Sandstorm, masquerading as Tehran’s allies, including the Izz ad-Din al-Qassam Brigades (IQB) Hamas military division
- The leverage of artificial intelligence (AI) through social media to manipulate Israeli citizens to engage in on-the-ground activities.
- Psychological warfare via the utilisation of standard message service (SMS) and email delivery to exaggerate the claims of Tehran-aligned cyber operations.
Iran’s campaign of cyber-attacks and operations began on 18th October 2023 and continues today.
Targeting Timeline
The following timelines outlines significant cyber operations that have been launched in alignment with the ongoing Middle East conflict.
Threat actor objectives
It has been assessed to be highly likely that Iran-aligned state actor operations have been launched to undermine Israel and its allies within the cyber domain. Other goals include attempting to create socio-political divisions within target sets perceived to be in opposition to the Iranian government, retaliation against Israeli CNI assets in response to claims that Israel would cut off energy supplies to the Gaza region, and intimidation of Israeli allies and citizens. Furthermore, Iran wants to diminish any support to Israel by emphasising the damage caused by Israel counter operations against Gaza.
Iranian proxy groups
As the Middle East conflict has progressed, collaborated efforts have been observed by Iranian proxy groups (also known as the ‘Axis of Resistance’ alliance). These operations have likely been implemented in a coordinated fashion allowing for numerous threat actors to contribute towards the completion of common objectives, without the need to depend on a single toolset.
Join our Threat Intelligence webinar to learn more
For our full intelligence assessment regarding Iran-aligned state actor operations and the impact of the ongoing Middle East conflict within the cyber domain, tune in to our upcoming “Global Cyber Threat Series: Middle East” webinar, scheduled for Wednesday 20th March 2024. We’ll explain which industry sectors and organisations could be targeted and why.
While you wait why not download our newly released Threat Intelligence Outlook 2024, this covers an overview of the threats in 2024, download today!
