Highlights
Iran’s multifaceted approach in the cyber domain allows Iran to project power and influence in the Middle East while avoiding direct conventional military confrontations with stronger adversaries. Iran uses cyber operations to complement its broader geopolitical strategies, often employing cyber espionage and sabotage to gain strategic advantages or to retaliate against sanctions and military threats. As Iran increasingly incorporates AI technologies into its cyber operations, the likelihood of more disruptive and damaging activities escalates, presenting a substantial challenge not only to regional stability but also to global security.
Maj. Gen. Qassem Soleimani’s death marked a significant turning point in Iran’s cyber strategy, pushing Tehran to assert its power and influence through increased cyber activities aimed at the U.S. and its allies
Cyber proxy groups use various tactics to create negative psychological effects among adversaries. APTs such as Mint Sandstorm use precise targeting to create unease among a specific group of people. Iran also uses “faketivists,” which are groups that commit cyberattacks for a specific cause, like hacktivists, but are borne from a specific geopolitical event and are created by a nation-state to perpetuate narratives that support their cause. Faketivists can be nation-state actors and/or proxy groups associated with the IRGC and the Ministry of Intelligence and Security (MOIS). The cyberattacks in Israel that have deployed faketivists have had mixed success, but they have garnered both local and global support. The purpose of these groups is to spread their “success” and to create disruption and attention, regardless of actual operational success.
Looking ahead, we can expect Iran to further integrate AI into its cyber strategy, escalating the frequency and sophistication of attacks, particularly on critical infrastructure and democratic processes. Additionally, the growing alignment between Iran and other global cyber powers, such as Russia and China, further increases the sophistication and reach of its cyber capabilities, presenting significant challenges for those attempting to counter these evolving threats.