This post is also available in: עברית (Hebrew)
According to a recent Microsoft Treat Intelligence report, multiple Iranian state groups have turned to cyber-enabled influence operations more regularly since June 2022 to boost, exaggerate, or compensate for shortcomings in their network access or cyberattack capabilities.
According to Microsoft, Iran has accelerated its operations since last June. The company linked 24 unique operations to the Iranian government and said the rise could be partly attributed to better detection capabilities.
The rise has also corresponded with the decline of ransomware and wiper attacks linked to the Islamic Revolutionary Guard Corps (IRGC), as reported by Cyber News.
“The IRGC’s latest string of cyber-enabled IO in the last year has leveraged low-impact, low-sophistication cyberattacks, such as defacements, which are less time and resource intensive, while dedicating more effort to its multi-pronged amplification methods,” Microsoft said.
“While lagging behind their Russian and Chinese counterparts in sophistication, Iranian nation state actors have added some new tools and techniques to their arsenal,” the company said.
“Iran is likely to continue leveraging its newfound penchant for cyber-enabled IO to keep pace with external pressure, in part to overcome shortcomings in its cyber threat capabilities relative to the attacks it has faced. At the same time, Iranian cyber actors are likely seeking greater cyberattack capabilities to achieve the regime’s desire for proportional retaliation,” Microsoft concluded.
According to statistics detailed in the abovementioned Microsoft report, approximately 23% of all cyber operations carried out by Iranian state-sponsored actors targeted the state of Israel, with 13% targeting the United States. The United Arab Emirates quickly follow with 8% and Saudi Arabia standing at 5%.