The Stuxnet attack in 2010 marked a turning point for Iran and significantly contributed to the professionalization of its cyber operations. Tehran was also forced to control the digital space, as the Internet had been used since 2009 for organizing and coordinating mass protests against the regime. These events prompted the regime to continually enhance and professionalize its capabilities in the cyber and information domain.
This was followed by a comprehensive restructuring of the cyber organizational structure and the establishment of new cyber units, providing Iran with new defensive and offensive capabilities in the cyber and information domain. Today, the regime possesses highly advanced cyber units covering a wide range of operations, from espionage and sabotage to influence operations. The supreme authority overseeing these units is the "Supreme Cyber Council (SCC)," which coordinates military, intelligence, and police units. The organizational structure and integration of various APT groups enable the regime to react quickly and flexibly to geopolitical developments, adjust resources, and realign objectives.
With the development of the "Iran Cloud," the government aims to restrict access to foreign websites and information. This not only enables control over citizens' digital activities but also facilitates a targeted "shutdown of the Internet": businesses are meant to remain able to operate while society is disconnected from international data traffic. Iran's continued significant dependence on Western software and hardware technologies is to be reduced through domestic development programs and technology partnerships with Russia and China.
Germany, as a close ally of the United States and Israel, is a primary target of Iranian cyber operations. Iranian cyber units use various techniques to steal sensitive information, sabotage critical infrastructures, and conduct disinformation campaigns. These activities pose a significant threat to national security and economic stability. In Germany, Iran operates through APT 42 (also known as Charming Kitten), among other entities, and targets political and human rights activists, media professionals, and women's rights activists. It is anticipated that Tehran's activities in Germany will become more targeted and aggressive in the future, focusing on sabotage of critical infrastructures and espionage activities.
The analysis shows that Iran is a significant actor in cyberspace. Its capabilities and strategies are constantly evolving and pose an increasing challenge to the international community. It is crucial for Germany to strengthen its cyber defense measures and expand international cooperation to mitigate these threats.
Read the entire Facts & Findings: "Cyber-Actors: Iran – Wie Angriffe auf den Staat stark machen" here as a PDF. Please note, to date the analysis is only available in German.
About this series
The series informs in a concentrated form about important positions of the Konrad-Adenauer-Stiftung on current topics. The individual issues present key findings and recommendations, offer brief analyses, explain the Foundation's further plans and name KAS contact persons.