The United States military launched cyberattacks against Iranian missile control systems and a spy network on Thursday after Tehran downed an American surveillance drone, US officials have said.
US President Donald Trump ordered a retaliatory military attack against Iran after the drone shootdown but then called it off, saying the response would not be “proportionate”, and instead pledged new sanctions on the country.
But after the drone’s downing, Trump secretly authorised US Cyber Command to carry out a retaliatory cyberattack on Iran, two officials told the Associated Press news agency on Saturday.
A third official confirmed the broad outlines of the attack. All spoke on condition of anonymity because they were not authorised to speak publicly about the operation.
US media outlets Yahoo News and The Washington Post also reported the cyberattacks.
The cyberattacks – a contingency plan developed over weeks amid escalating tensions – disabled Iranian computer systems that controlled its rocket and missile launchers, the officials said.
There was no immediate reaction on Sunday morning in Iran to the US claims. Iran has hardened and disconnected much of its infrastructure from the internet after the Stuxnet computer virus, widely believed to be a joint US-Israeli creation, disrupted thousands of Iranian centrifuges in the late 2000s.
“As a matter of policy and for operational security, we do not discuss cyberspace operations, intelligence or planning,” US Defense Department spokesperson Heather Babb told AFP news agency.
In recent weeks, hackers believed to be working for the Iranian government have targeted US government agencies, sending waves of spear-phishing emails, representatives of cybersecurity companies CrowdStrike and FireEye – which regularly track such activity – told AP.
This new campaign appears to have started shortly after the Trump administration imposed sanctions on the Iranian petrochemical sector this month.
It was not known if any of the hackers managed to gain access to the targeted networks with the emails, which typically mimic legitimate emails but contain malicious software.
“Both sides are desperate to know what the other side is thinking,” John Hultquist, director of intelligence analysis at FireEye, told AP.
“You can absolutely expect the regime to be leveraging every tool they have available to reduce the uncertainty about what’s going to happen next, about what the US’s next move will be.”
CrowdStrike shared images of the spear-phishing emails with the AP.
US Cybersecurity and Infrastructure Security Agency Director Christopher C Krebs said the agency has been working with the intelligence community and cybersecurity partners to monitor Iranian cyber activity and ensure the US and its allies are safe.
“What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network,” Krebs said.
The National Security Agency (NSA) would not discuss Iranian cyber actions specifically, but said in a statement to the AP on Friday that “there have been serious issues with malicious Iranian cyber actions in the past”.
“In these times of heightened tensions, it is appropriate for everyone to be alert to signs of Iranian aggression in cyberspace and ensure appropriate defences are in place,” the NSA said.
Tensions are high between the US and Iran once again following Trump’s move more than one year ago to leave a multinational accord curbing Iran’s nuclear ambition.
His administration has instead imposed a robust slate of punitive economic sanctions designed to choke off Iranian oil sales and cripple its economy.
On Saturday, Trump said the US would put “major” new sanctions on Iran next week. He said they would be announced on Monday.
Tehran said it shot down the US drone on Thursday after it violated Iranian airspace – something Washington denies.
Meanwhile, Iran has denied responsibility for the tanker attacks, and a top military official on Saturday pledged to “set fire to the interests of America and its allies” if the US attacks.