Russia-linked hackers appear on Iran war's cyber front, but their impact is murky
Some experts question the significance of pro-Russia "hacktivist" groups.
Apparent Russia-linked hacking collectives backing Iran have been observed joining the cyber activity unfolding alongside the U.S.-Israel war against Iran, though analysts have mixed views on whether their involvement represents a meaningful escalation or little more than online noise.
The outlook on such "hacktivist" groups — hackers who attempt to penetrate systems and steal information for political activism — comes days after The Washington Post reported that Russia is supplying Iran with intelligence to help target U.S. forces in the Middle East and adds another dimension to the already complex cyber and information environment surrounding the war.
One well-known pro-Russia group dubbed "NoName057(16)" recently claimed massive distributed denial-of-service attacks against Israeli defense contractors and also claimed to have gained full access to the human-machine interfaces of Israeli water management systems, said Kathryn Raines, a cyber threat intelligence team lead at cybersecurity firm Flashpoint. But company analysts have not verified these claims, she said.
Distributed denial-of-service hacks, known colloquially as "DDoS" attacks, overwhelm websites with large amounts of artificial internet traffic to stop legitimate users from accessing them.
CrowdStrike has similarly observed a surge in pro-Iran hacktivists with ties to Russia. In the first few days after the war broke out on Feb. 28, one Russia-aligned hacktivist group the company dubs "Z-Pentest" claimed responsibility for compromising several U.S.-based entities, said Adam Meyers, the company's head of counter adversary operations.
Those claims are also unverified, though "Western organizations should continue to remain on high alert for potential cyber response as the conflict continues and activity may move beyond hacktivism and into destructive operations," he said.
The United States has long supplied Ukraine with intelligence and equipment to strike Russian targets within its borders. Now, as the war unfolds in Iran, Moscow could be seizing its own opportunity for retaliation by aiding Tehran.
"Russia is comfortable providing some proxy support to Iran, or at least taking advantage of an unstable situation," Cynthia Kaiser, a former deputy director at the FBI's Cyber Division, said in a LinkedIn post this weekend. "Expect exaggeration, but don't dismiss the underlying access. These groups regularly inflate the impact of their attacks for media attention. But they have caused real physical damage to critical infrastructure. Calling their bluff shouldn't mean ignoring the threat."
"Russia has a variety of partner engagements with Iran that could prompt Moscow to get involved in the conflict, particularly if Russia perceives that U.S. military operations dragging out would further pull the White House's focus from Ukraine," said Justin Sherman, founder and CEO of Global Cyber Strategies, a Washington, D.C.-based research and advisory firm.
The Kremlin's vast and complex cyber ecosystem allows it to leverage state elements, hired or coerced cybercriminals and patriotic hackers encouraged by propaganda to pursue its goals, Sherman said, explaining that "one of the benefits of Russia's cyber web for the state is how the Kremlin can pick and choose its actors and capability sets as it pleases, depending on its needs."
In a recent case, Russian state-backed groups initiated a massive global campaign targeting the Signal and WhatsApp accounts of officials, military personnel and civil servants, Dutch intelligence said Monday.
But Sherman said that attributing Russian-origin cyber operations is complex, and that analysts should try to examine which parts of Vladimir Putin's government may have authorized an operation to better understand how Moscow would be aiding Iran in cyberspace.
Some are skeptical that Russia sharing targeting intelligence would translate directly into cyber support for Tehran.
"Russia providing intelligence assistance to the Iranian government to support kinetic strikes, and the idea of Russian cyber actors as implied by the conventional use of the phrase — i.e., those with a nexus to the Russian state — 'joining the cyber aspect of this conflict' are two very different things," said Alex Orleans, a former National Security Council contractor and head of threat intelligence at Sublime Security.
"I have not encountered Russian APTs inserting themselves into a conflict to support a third-party and I'd be surprised if they did now," he said, referring to "advanced persistent threat" groups that are typically well-resourced, highly skilled and backed by a nation-state.
Other analysts have not publicly attributed any hacktivist activity to a particular nation.
"While we have observed some initial hacktivist groups supporting the Iranian regime, these activities are in the very early stages. There is currently no clear indication that this is being directed by a state actor like Russia or Iran, and it remains difficult to verify," said John Fokker, vice president of threat intelligence at Trellix. "That said, in any geopolitical conflict, it is common practice for involved countries to provide aid in various forms."
Iran's cyber capabilities have likely diminished in recent days, said Dave DeWalt, CEO of NightDragon, a venture capital firm that manages a portfolio of cybersecurity companies.
"We've been monitoring almost every actor and every indicator of compromise that we possibly can, and we've seen next to zero activity … and that's largely because we believe that most of their cyber operations have been dismantled physically," he said in an interview.
Israel said last week it destroyed Iran's cyberwarfare headquarters, though it's not immediately clear how much effect that's had on its cyber operations.
"We've seen little activity from [Iran] globally, that doesn't mean that it's completely dismantled," DeWalt said. "I don't have full confirmation, but I would tell you it certainly looks like no other case I've seen in 20 years, where we've seen such silence in the digital world from [Iran]."
Asked about whether China and Russia are sharing capabilities with Iran at this point, he said those nations may be keeping their distance, but there's possible sharing of satellite, electronic warfare and radar-jamming services. "I would not be surprised at all," he said.