Post-Soleimani, Iran is a Major Cyber Threat to the U.S., Europe, and the Middle East
An overview of recent public unrest in Iran and the elimination of Qasem Soleimani
Civil unrest in Iran has been mounting for the past several months. Sparked by an increase in fuel prices on November 15, 2019, demonstrations grew into nationwide anti-government protests. The regime’s response to protestors was brutally violent. The United Nations reported that at least 208 people were killed, including 12 children.
Additionally, at least 7,000 protesters have been arrested. Amid the crackdown, the Iranian government cut off internet access for almost a week, probably in an attempt to prevent the global dissemination of information and videos of the civilian protests and of the government’s human rights abuses. The decision to shut down the internet for its own people may indicate the degree to which the Iranian government was in a panic. Nevertheless, with complete disregard for its own economic slowdown, the head of Iran’s Islamic Revolutionary Guard Corps threatened the U.S. and its allies, including Middle Eastern nations, while addressing a demonstration denouncing the anti-government protests of November 2019. The anti-government protests then gained further traction after Iran “mistakenly” shot down a Ukrainian passenger jet, killing all on board.
In general, setting aside the Islamic Republic’s nuclear ambitions, the Iranian threat has always been present to the U.S., the EU and the majority of Arab Middle Eastern states, especially given the Iranian involvement and proxy roles it orchestrated in Syria, Yemen, Lebanon, and Iraq. However, amid the civil unrest that Iran experienced recently, the Iranian threat has become more imminent. The recent U.S. targeted operation that eliminated General Qasem Soleimani and Abu Mahdi al-Muhandis can be viewed as a strategic countermeasure to the rising Iranian threat or as a deterrent against further Iranian aggression. Soleimani was considered Iran’s most powerful military general and was the commander of the Quds Force, the Islamic Revolutionary Guard Corps (IRGC) unit responsible for extraterritorial operations.
The IRGC actively supports non-state actors and militia groups in several countries. These include Shiite militias in Iraq and Syria, the Houthis in Yemen, Hamas and Palestinian Islamic Jihad in the Gaza Strip and the West Bank, as well as the Lebanese Hezbollah. It is worth noting that most, if not all, of the groups above are designated as terror groups internationally. Generally speaking, Soleimani spearheaded Iranian clandestine operations in the Middle East. The Iraqi-Iranian Jamal Jaafar Ibrahimi (a.k.a. Abu Mahdi al-Muhandis), on the other hand, was the leader of the Iranian-sponsored Shiite militia group “Kata’eb Hezbollah” operating from Iraq, as well as of “al Hashd al Shaabi”. Al-Muhandis is believed to have played a key role in smuggling armaments from Iran to his militias in Iraq.
Though the extent of the strike’s impact is debatable, the elimination of two such key figures, who led Iranian influence in the region, is definitely a strategic win for the U.S. and its allies, especially the Middle Eastern partners that see Iran as a direct threat. In a similar vein, retired General David Petraeus, former commander of U.S. Central Command and former CIA director, stated that the killing of Soleimani is more significant than the killing of Bin Laden or of ISIS leader Abu Bakr al-Baghdadi. Yet many would argue that Iran will retaliate aggressively and that the risks may outweigh the potential rewards of killing Soleimani, as indicated in an interview with Susan Rice, former UN ambassador and former U.S. national security advisor. Only a few hours after the U.S. operation that eliminated Soleimani, Iran’s supreme leader Ali Khamenei announced Esmail Ghaani as Soleimani’s successor, promising a “crushing revenge”.
Furthermore, Iranian President Hassan Rouhani tweeted that Iran will take revenge. Such a reaction was probably anticipated before a high-level operation of this kind was conducted, and while arguments are still developing on how Iran may retaliate against the U.S. and its allies, some strategists believe that Iran cannot risk an “all-out” war and that its options for revenge appear narrow. The latter is also in line with Gen. Petraeus’s view that Iran’s “very fragile” situation may limit its response. Iran did militarily retaliate against U.S. forces in Iraq on January 8, 2020, targeting the Erbil base in northern Iraq and the Ain al-Asad airbase in Anbar province with ballistic missile strikes. However, no fatalities were reported, which might further confirm the weakness of Iran’s conventional military capabilities, as well as the assumption that Iran cannot risk a full-scale conflict given its fragile economy and military. Despite Iran’s shortcomings, it is possible that the missile strikes were intended only to give the U.S. and its allies a false sense of security that Iran’s military is in a weak position, while Iran may actually be planning an asymmetrical response, something it has a long history of doing.
In any case, and in preparation for possible confrontation scenarios, the U.S., EU and Middle Eastern allies should definitely step up their collective intelligence cooperation in order to counter and mitigate any asymmetrical warfare risks posed by Iran’s military, paramilitary groups and militias, especially the militias Iran uses as proxy actors in Syria, Iraq, Yemen, and Afghanistan. Such transnational intelligence cooperation would certainly support the intelligence, law enforcement, and military agencies of the U.S. and its allies in mitigating potential risks and eliminating potential threats on an international, regional, and domestic scale. Such potential risks from Iran can take diverse forms. These include, but are not limited to:
- Risks for the shipping and oil industry across the Strait of Hormuz, especially considering that almost 21% of global petroleum shipments flow through this region. Iran already has a history of harassing shipping vessels and oil tankers passing through the Strait of Hormuz. Accordingly, it is expected that Western and GCC militaries will increase their naval presence in the area to ensure the safety of transiting ships. In this respect, the U.K. is already deploying navy ships to protect vessels passing through the Strait of Hormuz, as announced in a statement by U.K. defense minister Ben Wallace.
- Iraq’s civilian and political unrest, due to the fact that almost 66% of the Iraqi population are Shiite Muslims, who might sympathize more with Iran, where Shiite Muslims comprise 90 percent of the population. Violent reactions may take place between Shiite militias in Iraq and organizations and businesses originating from or associated with the U.S. and allied nations. Therefore, the economic situation of Iraq might worsen as Western companies evacuate from Iraq fearing further escalation.
- The possible resurgence of ISIL/ISIS (a Sunni Muslim group) in Iraq as a result of the political instability and the Western military vacuum Iraq may face. Furthermore, ISIS may attempt to use the opportunity to rebrand itself as an actor against Iranian interests in Iraq. Additionally, the Iraqi armed forces alone might not be able to counter such a feared resurgence, which would then have serious negative implications for neighboring countries in the region, especially since NATO has already suspended its training of Iraqi soldiers over security concerns. The U.S. took similar action amid the recent tensions with Iran. This might create an additional challenging front in countering the threat of an ISIL/ISIS resurgence in Iraq.
- Exposure of Western companies to security risks in countries where Iran controls militias. These include Iraq, Yemen, Syria, and southern Lebanon.
- Iran’s breach of or deviation from the 2015 Joint Comprehensive Plan of Action (JCPOA), more publicly known as the “Nuclear Deal”. Such action by Iran can be viewed as a measure to exert pressure on the EU in order to compel the latter to influence the U.S. to return to the negotiating table. In fact, Iran’s President Rouhani announced that the country is enriching more uranium than it was before the 2015 JCPOA agreement. Recently, the U.K., France, and Germany triggered the dispute mechanism that can lead to United Nations sanctions on Iran in response to Iran’s violation of the agreement. While unlikely, given Iran’s willingness to violate limits on uranium enrichment and to utilize advanced centrifuges, the Islamic Republic could—theoretically, should it decide to enrich weapons-grade uranium—be on track to possess a nuclear bomb in less than twelve months.
- The risk of regional war as a result of the escalation and retaliation scenarios that Iran might adopt, including the recent irresponsible behavior of violating the JCPOA, which is acceptable to neither the regional nor the international community.
All of the above-mentioned risks are so far hypothetical, and experts believe that Iran’s retaliation options are limited to its usual pattern of asymmetrical warfare and proxy confrontations. Yet a clearly critical Iranian threat, and most probably a more imminent one because it offers a much broader attack surface than a conventional physical threat, is the cyber threat. Cyberwarfare is typically asymmetrical, and confrontation in cyberspace can give its perpetrators a degree of plausible deniability and possible anonymity while inflicting severe damage on the victim. Furthermore, cyber-attacks can easily be global in nature and negatively impact millions of citizens worldwide.
Over the past decade, Iran has been categorized as one of the most malicious internet actors, with an increasing level of sophistication in its cyber weapons, which can be a force multiplier in asymmetrical warfare. Iran has a long history of illicit hacking and cybercriminal groups targeting critical infrastructure and industrial control systems globally. These groups include APT33, APT39, Charming Kitten, Cleaver, CopyKittens, Group5, Leafminer, Magic Hound, MuddyWater, and OilRig. Most of these groups have a history of targeting governments globally as well as private sector industries, and each of these Iranian-linked groups has its own identified tactics and techniques. Given the history of attacks by these groups, especially those motivated by wide-scale sabotage and destruction, we can clearly state that after the recent events the Iranian cyber threat level is equally high for governments (including military infrastructure) and for private sector industries. Thus, any organization that is part of a critical function or a strategically important sector should immediately reassess its cyber defenses against the methods leveraged by Iranian-linked groups.
Furthermore, many of these groups primarily utilize large-scale phishing campaigns as well as targeted spear-phishing as their mode of entry into the targeted victim. Accordingly, it is essential that organizations raise the cyber awareness and vigilance of their employees in order to minimize human error when countering a possible cyber threat over the coming months, in the wake of the likely reaction scenarios that Iran may adopt. Additionally, cyber intelligence analysts should increasingly monitor for potential false-flag cyber-attacks, in which Iranian hacking groups might utilize the tools of their Russian or Chinese peers in an attempt to enlarge the cyber confrontation and implicate other notorious hacking groups of different origins.
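Since phishing and spear-phishing are named above as the primary mode of entry, the following is an added defender-side example (not code from the article or from any group it names) of a simple triage check that a mail-security or SOC team can run over sender headers: it flags sender domains that are near-misses of domains the organization trusts, trusted domains smuggled in as a leading label of a longer hostname, and display names that claim a trusted identity while the address does not match. The trusted domains and the From: headers are constructed sample data; the edit-distance threshold of 2 is an assumption to be tuned to the organization’s own domain set.

```python
"""Triage check for spear-phishing sender indicators (added example, constructed data)."""
from email.utils import parseaddr

# Constructed: domains the hypothetical organization treats as its own or as trusted partners.
TRUSTED_DOMAINS = {"example.com", "partner-corp.com"}

# Digits commonly substituted for letters in lookalike domains (e.g. examp1e.com).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(domain: str) -> str:
    """Fold homoglyph digits so 'examp1e.com' compares like 'example.com'."""
    return domain.lower().translate(HOMOGLYPHS)


def assess_sender(from_header: str, trusted=TRUSTED_DOMAINS, max_distance: int = 2) -> dict:
    """Return the sender address, its domain and a list of textual indicators (empty if clean)."""
    display, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    result = {"address": addr, "domain": domain, "findings": []}
    if domain in trusted:
        # Exact trusted domain: authenticity is then a matter for SPF/DKIM/DMARC, not this check.
        return result
    norm = normalize(domain)
    for t in sorted(trusted):
        if levenshtein(norm, t) <= max_distance:
            result["findings"].append(f"lookalike of trusted domain {t}")
        elif domain.startswith(t + "."):
            # e.g. example.com.evil-host.net: the real registrable domain is the tail, not the head.
            result["findings"].append(f"trusted domain {t} used as a leading label")
        if t.split(".")[0] in display.lower():
            result["findings"].append(f"display name claims {t} but address does not")
    return result


def triage(from_headers):
    """Assess every From: header and return only the suspicious ones."""
    return [r for r in (assess_sender(h) for h in from_headers) if r["findings"]]


# Constructed sample From: header values, not real messages.
SAMPLE_HEADERS = [
    "Alice <alice@example.com>",
    "IT Helpdesk <helpdesk@examp1e.com>",
    "Example Security Team <security@mail-notify.net>",
    "HR Portal <hr@example.com.evil-host.net>",
    "Bob <bob@unrelated.org>",
]

if __name__ == "__main__":
    for r in triage(SAMPLE_HEADERS):
        print(f"{r['address']}: " + "; ".join(r["findings"]))
```

Run against the constructed headers, the script flags three of the five senders (the homoglyph domain, the impersonating display name, and the leading-label hostname) and passes the genuine trusted sender and the unrelated one. In practice the check belongs behind, not instead of, SPF/DKIM/DMARC evaluation, and the trusted set should include partner and vendor domains, since spear-phishing from a near-miss of a supplier’s domain is as common as one of the organization’s own.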
Finally, while warnings and alerts concerning the current Iranian cyber threat are already elevated, it is possible from a strategic security perspective and deception doctrine that Iran is merely luring the U.S. and its allies into believing that it will not, and does not intend to, engage in any impactful cyber operations. In actuality, the Islamic Republic might only be waiting for the right moment to launch a sophisticated campaign of cyber-attacks. Thus, a cybersecurity-centric culture should be embedded and embraced at all levels of any organization to manage and mitigate the risk of geopolitical cyber threats.
Mohamed ELDoh is a business development and consulting professional in the security and defense sector. Mohamed holds an MBA from the EU Business School, an Advanced Certificate in Terrorism Studies from the University of St Andrews, and is a doctoral candidate at the Grenoble École de Management, where he researches strategy and online behavior.