Amidst rising tensions after the United States killed Qassem Soleimani, the chief of Iran’s Quds Force, in a drone strike in Baghdad last week, security experts and U.S. government officials warn that Iran may retaliate with cyberattacks.
Iran-based attack groups have expanded their digital offensive capabilities significantly since 2012, when they launched crippling distributed denial-of-service attacks against financial services companies. Since then, the cybersecurity arm of Iran’s Islamic Revolutionary Guard Corps, and private sector contractors acting on behalf of the government, have added tools to their arsenals.
Those tools enable attackers to execute account takeovers and spear phishing campaigns to steal intellectual property and sensitive information, and include destructive malware designed to disrupt operations, according to the National Cyber Awareness System alert issued by the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) earlier this month.
Iran has also “demonstrated a willingness” to use wiper malware, CISA said in its 6 January alert. Wipers are a category of malware that erases the contents of an infected machine’s hard drive and then destroys the computer’s master boot record so that the machine can no longer boot. Just like any other type of malware, wipers rely on various methods for the initial infection and, once in, can steal information or execute unauthorized code. The difference is that wipers don’t care about being stealthy, because their primary purpose is to render the machine unusable.
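Because wipers typically finish by overwriting the master boot record, one practical defensive control is to record a fingerprint of the first disk sector at install time and re-check it on a schedule. The following Python script is an added illustration of that check; it is not code from the article or from CISA, and the 512-byte sample sector it inspects is constructed inline rather than read from a real disk. It classifies a sector as intact, fully zeroed, missing its 0x55AA boot signature, stripped of its partition table, or otherwise modified relative to the stored baseline hash.

```python
import hashlib

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"      # bytes 510-511 of a valid MBR
PARTITION_TABLE_OFFSET = 446      # four 16-byte partition entries follow the bootstrap code
PARTITION_ENTRY_SIZE = 16


def build_sample_mbr() -> bytes:
    """Constructed sample MBR (not a real disk image): bootstrap filler,
    one bootable partition entry, three empty entries, and the 0x55AA signature."""
    bootstrap = b"\xeb\x63\x90" + b"\x00" * (PARTITION_TABLE_OFFSET - 3)
    # Entry: status 0x80 (bootable), CHS start, type 0x83 (Linux), CHS end,
    # LBA start 2048, length 204800 sectors (all little-endian, as on disk).
    entry = (bytes([0x80, 0x20, 0x21, 0x00, 0x83, 0xFE, 0xFF, 0xFF])
             + (2048).to_bytes(4, "little")
             + (204800).to_bytes(4, "little"))
    table = entry + b"\x00" * (3 * PARTITION_ENTRY_SIZE)
    return bootstrap + table + BOOT_SIGNATURE


def fingerprint(sector: bytes) -> str:
    """Baseline hash to store out-of-band (e.g. in a config-management database)."""
    return hashlib.sha256(sector).hexdigest()


def partition_count(sector: bytes) -> int:
    """Number of partition entries whose type byte is non-zero."""
    count = 0
    for i in range(4):
        start = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        if sector[start + 4] != 0:   # byte 4 of an entry is the partition type
            count += 1
    return count


def inspect_mbr(sector: bytes, baseline_hash: str) -> str:
    """Classify a captured first sector against the stored baseline.
    Checks are ordered from most to least destructive so the result names
    the worst finding."""
    if len(sector) != SECTOR_SIZE:
        return "invalid-length"
    if sector.count(0) == SECTOR_SIZE:
        return "zeroed"                     # whole sector overwritten with zeros
    if sector[510:512] != BOOT_SIGNATURE:
        return "signature-missing"          # firmware will refuse to boot from this
    if partition_count(sector) == 0:
        return "partition-table-cleared"    # signature kept but no partitions remain
    if fingerprint(sector) != baseline_hash:
        return "modified"                   # bootstrap code or table changed
    return "intact"


if __name__ == "__main__":
    baseline = build_sample_mbr()
    stored = fingerprint(baseline)
    # On a real host the sector would be read from the block device, e.g.
    # open("/dev/sda", "rb").read(512) as root; here we simulate the outcomes.
    print("baseline:", inspect_mbr(baseline, stored))
    print("zeroed:  ", inspect_mbr(b"\x00" * SECTOR_SIZE, stored))
    print("no table:", inspect_mbr(baseline[:446] + b"\x00" * 64 + BOOT_SIGNATURE, stored))
```

The check is deliberately cheap so it can run from an agent every few minutes; a result other than "intact" on a host that has not had a planned disk change is a strong early signal of destructive activity and should page the on-call responder.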