In today's interconnected world, the threats we face are not only physical, but also digital, insidious and far-reaching.
Among these threats, the Islamic Republic of Iran stands out as a relentless and insidious adversary. Recent analyses, such as a May 2023 Atlantic Council report, have revealed Iran's strengthening cyber capabilities aimed at disrupting state functions and targeting individuals around the world. This threat is of particular concern to the Jewish diaspora, whom Iran targets as part of a broader plan encapsulated in the terrifying slogan, “Death to America, Death to Israel.”
In 2022, I warned that Tehran was closely scrutinizing the UK Jewish community ahead of planned attacks on Israel and Jewish people around the world. This warning, later confirmed by UK Security Minister Tom Tugendhat, underscores the ongoing and evolving threat posed by Iranian cyber activities. These threats should not be dismissed as overblown or exaggerated; they reflect a reality that can no longer be ignored. Wishing the problem would go away does not make it any less real and urgent.
A February 2024 CYFIRMA report highlighted Iran's increasing emphasis on cyber warfare amid rising tensions with the United States and Israel. Iran's Revolutionary Guard Corps (IRGC) has adjusted its strategy, scaling back its overt military presence in Syria and Iraq while stepping up its cyber operations. This shift is intended to put the United States in the difficult position of having to constantly counter Iranian proxy attacks and risk a broader conflict.
Previous targets of Iranian hackers
Consider the November 2020 targeting of U.S. election infrastructure by Iranian hackers. Though thwarted by the efforts of the U.S. military and the Department of Homeland Security, the attack highlighted Iran's ability and willingness to undermine Western democracies through cyberwarfare. Microsoft has since issued warnings about Iran's increasingly sophisticated tactics and highlighted Iran's role in cyber-enabled influence operations.
Iranian influence has also extended to Europe, using criminal organizations to target Israeli and Jewish sites. According to a May 2024 report by Al-Monitor, Mossad revealed that Swedish crime organizations FOXTROT and RUMBA were hired by Iran to carry out attacks. These groups have been implicated in recent incidents, including a grenade attack on the Israeli embassy in Brussels and a shooting near the Israeli embassy in Stockholm. This is especially worrying given that the Olympics are just around the corner in Paris, already raising security concerns.
Iranian cyber operations are not limited to national infrastructure, but also target the Jewish diaspora. These operations include harassment campaigns and attempts to infiltrate and intimidate individuals. According to a 2023 Proofpoint report, Iranian operatives use false identities to lure targets into dangerous situations that could lead to kidnapping. This strategy highlights a broader effort to destabilize and terrorize Jewish communities around the world.
This threat is not limited to Jewish communities or Western capitals.
The Gulf Cooperation Council (GCC) countries, especially Saudi Arabia, are at great risk. Saudi Arabia and its allies that refused to be absorbed into the Shiite Crescent remain targets of Iran. Tehran's jurists consider any opposition to their influence something to be crushed. The regime does not tolerate contestation and seeks to subjugate all nations, either by slowly absorbing them or by responding with force if they resist.
CYFIRMA's report highlights that Iran's cyber capabilities are among the most advanced in the world. Operations targeting critical infrastructure in the US, UK and other Western countries are part of a broader strategy to influence and destabilize Western societies without direct military involvement. Iran's cyber activities include attacks on the oil industry, government institutions and critical infrastructure, as seen in attacks on the Saudi Ministry of Defense and water treatment plants in Israel and the US. These operations demonstrate that Iran has the capability to disrupt vital services and cause widespread disruption.
Given the scale and sophistication of these threats, it is urgent that the Jewish diaspora, particularly NGOs, academic institutions, religious organizations and businesses, become more resilient against such attacks.
Similarly, GCC countries must strengthen their cybersecurity defenses; failure to do so could lead to devastating data breaches and physical attacks. Strengthening cybersecurity measures and fostering a culture of vigilance is essential to mitigating the risks posed by Iranian cyber activities. Recent examples of cyber attacks highlight the need for robust security frameworks and proactive strategies to protect vulnerable communities and institutions.
In a recent interview, Anthony Burgess, Director of AntTechCS, emphasized the need for individuals, organizations and businesses to invest heavily in home network security. Burgess noted that the home network forms the basis of the entire home cyber infrastructure, including routers, modems, switches and Wi-Fi access points. Securing the home network requires not only implementing robust security measures but also leveraging the services of cyber specialists to build capabilities and ensure resilience. As cyber threats become increasingly sophisticated, Burgess stressed that protecting the home network is of utmost importance, as vulnerabilities in this area can lead to significant data breaches and security risks.
Iran’s investments in its cyberwarfare program are a testament to its strategic thinking and effectiveness. Iran’s cyber activities aimed at destabilizing Western capitals, targeting Jewish communities, and intimidating GCC states are clear threats to national security and societal stability. As these threats continue to evolve, so must strategies to counter them. A focus on resilience and preparedness will enable the Jewish diaspora, GCC states, and Western societies to more effectively defend themselves against the growing threat of Iranian cyberwarfare.
This analytical approach highlights the importance of understanding and addressing the multifaceted nature of Iran's cyber strategy and preparing communities and institutions to withstand and respond to these challenges. Only through vigilance, preparation, and strategic foresight can we defend against such a widespread and evolving threat.
The author is Secretary General of the Forum on Foreign Relations.