
Adobe Stock / Alexey Novikov

Facts and Findings

Cyber-Actors: Iran

How Attacks Strengthen the State

Iran has become a major player in the cyber and information space. Prompted by events such as the Stuxnet attack in 2010 and the organization of opposition groups through the Internet, the state has expanded its cyber capabilities. Today, Iranian cyber units have a wide range of operations at their disposal, including espionage, sabotage and influence operations. As an ally of the USA and Israel, Germany in particular is a focus of Iranian cyber operations and must be prepared for a wide range of threats.


The Stuxnet attack in 2010 marked a turning point for Iran and significantly contributed to the professionalization of its cyber operations. Tehran was also forced to control the digital space, as the Internet had been used since 2009 for organizing and coordinating mass protests against the regime. These events prompted the regime to continually enhance and professionalize its capabilities in the cyber and information domain.

This was followed by a comprehensive restructuring of the cyber organizational structure and the establishment of new cyber units, providing Iran with new defensive and offensive capabilities in the cyber and information domain. Today, the regime possesses highly advanced cyber units covering a wide range of operations, from espionage and sabotage to influence operations. The supreme authority overseeing these units is the "Supreme Cyber Council (SCC)," which coordinates military, intelligence, and police units. The organizational structure and integration of various APT groups enable the regime to react quickly and flexibly to geopolitical developments, adjust resources, and realign objectives.

With the development of the "Iran Cloud," the government aims to restrict access to foreign websites and information. This not only enables control of citizens' digital activities but also facilitates a targeted "shutdown of the Internet." The intent is that businesses can continue to operate while society is disconnected from international data traffic. Iran's continued significant dependence on Western software and hardware technologies is meant to be reduced through domestic development programs and technology partnerships with Russia and China.

Germany, as a close ally of the United States and Israel, is a primary target of Iranian cyber operations. Iranian cyber units use various techniques to steal sensitive information, sabotage critical infrastructures, and conduct disinformation campaigns. These activities pose a significant threat to national security and economic stability. In Germany, Iran operates through APT 42 (also known as Charming Kitten), among other entities, and targets political and human rights activists, media professionals, and women's rights activists. It is anticipated that Tehran's activities in Germany will become more targeted and aggressive in the future, focusing on sabotage of critical infrastructures and espionage activities.

The analysis shows that Iran is a significant actor in cyberspace. Its capabilities and strategies are constantly evolving and pose an increasing challenge to the international community. It is crucial for Germany to strengthen its cyber defense measures and expand international cooperation to mitigate these threats.

Read the entire Facts & Findings: "Cyber-Actors: Iran – Wie Angriffe auf den Staat stark machen" here as a PDF. Please note, to date the analysis is only available in German.


Contact

Ferdinand Alexander Gehringer


Homeland and cyber security

ferdinand.gehringer@kas.de +49 30 26996 3709
