Iran war: What role is cyber warfare played in Iran?

The digital battlefield is as crucial as the physical one in the escalating conflict involving Iran, with the United States and Israel employing a sophisticated array of cyber warfare tactics to achieve strategic objectives. While conventional military actions are openly showcased through glossy social media campaigns and press conferences, the realm of cyberspace remains a more clandestine domain, with official mentions of cyber operations notably scarce. However, the silent but potent impact of cyber warfare is undeniable, a fact recently alluded to by Admiral Brad Cooper, commander of US Central Command, who stated, "We continue with strikes into Iran from seabed to space and cyber-space." This admission underscores the multi-dimensional nature of modern conflict, where digital incursions are as integral as missile launches and aerial bombardments.

The role of cyber warfare in this conflict extends far beyond the immediate strikes, playing a significant part in the crucial "pre-positioning" phase that precedes overt military action. General Dan Caine, chairman of the joint chiefs of staff at the Pentagon, highlighted the extensive planning involved in preparing the "target set" for strikes, a process that often spans months, if not years. This meticulous preparation likely involved US and Israeli cyber operators infiltrating key Iranian computer networks long before any physical attacks were contemplated. High-priority targets would have included networks controlling air defence systems and military communications, aiming to blind and deafen Iran’s defensive capabilities.

Evidence suggests that Israel, in particular, has leveraged cyber means for extensive surveillance. Unnamed sources speaking to the Financial Times revealed that CCTV and traffic cameras were compromised to establish a vast surveillance network. This enabled the creation of detailed "patterns of life" for key figures like Ayatollah Ali Khamenei and his commanders, providing critical intelligence for the strike that reportedly killed him. Sergey Shykevich, a threat intelligence expert at cybersecurity company Check Point, noted the growing significance of internet-connected cameras as targets in cyber warfare, stating they "offer real-time situational awareness of streets, facilities, and movement at very low cost." This data, combined with traditional human intelligence, offers a powerful, layered approach to reconnaissance and targeting. Tal Kollender, a former Israeli military cyber-defence specialist and founder of cybersecurity platform Remedio, aptly described cyber operations as a "force multiplier that helps shape the information environment and supports operations happening on the ground," rather than a decisive weapon on its own.

In the immediate aftermath of the initial strikes, operatives from US Cyber Command and US Space Command were described by Gen Caine as the "first movers," tasked with disrupting Iran’s ability to "see, communicate and respond." While not officially confirmed, speculation abounds that mobile phone towers were jammed or shut down to prevent early warnings from reaching the Ayatollah’s security apparatus, a tactic observed in other conflicts like the war in Ukraine. US Defence Secretary Pete Hegseth further elaborated on this disruption, boasting that members of the Iranian military "can’t talk or communicate, let alone mount a coordinated and sustained offensive." These remarks echo President Trump’s earlier praise for the operation to abduct Venezuelan President Nicolas Maduro, where he claimed cyber forces rendered "our adversaries blind and uncomprehending during a flawless military operation."

Israel’s cyber offensive has also targeted civilian infrastructure, albeit with a psychological dimension. Reuters reported that a popular Iranian prayer-timing app, BadeSaba, with five million downloads, was allegedly hacked by Israel. A push notification was sent to users as bombs began to fall, stating, "help has arrived," a move likely intended to sow confusion and fear. Secretary Hegseth continues to emphasize the ongoing mission of "hunting for more systems to kill," a task where cyber operations are likely playing a pivotal role. The use of open-source intelligence, satellite imagery analysis, and cyber-espionage to locate military targets in Iran is probable. The increasing integration of Artificial Intelligence (AI) tools in this process is also a significant factor, hinted at by Hegseth’s praise for an intelligence operative who was "iterating on how we target and how we find and fix different aspects of what the Iranians are trying to do."

The secrecy surrounding cyber operations in this conflict is a deliberate strategy, rooted in the historical nature of cyber warfare. Both the US and Israel have a well-documented history of significant cyber attacks against Iran, with officials remaining notably cagey about details. The infamous Stuxnet hack on Iran’s uranium enrichment facilities in 2010 is a prime example, with its specifics still largely undisclosed. Kollender explains this reticence by stating, "If a country openly describes its capabilities or specific operations, it risks revealing techniques, access points, or intelligence sources that could be shut down quickly by adversaries." The efficacy of cyber capabilities often hinges on the adversary’s lack of precise knowledge about their workings.

Despite this inherent secrecy, Dr. Louise Marie Hurel from the Royal United Services Institute has expressed surprise at the level of disclosure from the US. She argues that the current conflict presents an opportunity to normalize the discussion of cyber warfare, aligning it with conventional military actions. "This is an opportunity for us to have a more public debate regarding the support and strategic advantage cyber provides in broader military campaigns and crisis," she stated. "If cyber is openly acknowledged as integral to the strike package, it can help sharpen the questions about the laws of armed conflict, proportionality, and what counts as a use of force."

A curious aspect of the ongoing conflict is Iran’s relative silence in the cyber domain. The nation has long been recognized as a formidable cyber power, and the Western cybersecurity community anticipated significant retaliatory attacks, either state-sponsored or from affiliated hacker groups. However, thus far, there has been a conspicuous lack of activity. This quiescence is puzzling, leading to two primary hypotheses: either Iran’s cyber capabilities have been significantly degraded by reported Israeli strikes, or their power has been overestimated. Iran’s reputation for cyber prowess was cemented by past attacks, such as the 2012 "wiper" malware attack on Saudi Arabia’s oil giant Aramco, which destroyed 30,000 computers. More recently, reports emerged of an Iranian-linked hacking group, Handala, employing wiper malware against the medical technology firm Stryker. Beyond wiper attacks, Iran has been accused of attempting to disrupt critical national infrastructure with the aim of causing physical harm.

Hurel cautions against premature conclusions about Iran’s capacity for retaliation, whether direct or through proxy hacker groups. "I wouldn’t jump to conclusions regarding Iran as we have seen considerable hacktivist activity, and public reporting has previously shown that patriotic hacker personas have sometimes been used as a facade for state-linked groups," she warned. This suggests that the digital front in the Iran conflict may still hold unseen dimensions, with Iran potentially preserving its offensive capabilities for a more opportune moment or operating through less overt channels. The full extent of Iran’s involvement and response in cyberspace remains an evolving and closely watched aspect of this complex and multi-faceted war.