Iran Accuses Israel of Striking Its Cyber Infrastructure

Iran says it has intercepted multiple cyberattacks it attributes to Israel, including a new variant of the notorious Stuxnet malware.

Stuxnet is widely believed to have been developed through cooperation between Israeli and US intelligence agencies.

“Recently, we discovered a new generation of Stuxnet which consisted of several parts … and was trying to enter our systems,” the ISNA news agency quoted Gholamreza Jalali, head of Iran’s civil defense organization, as saying last week.

A 2012 New York Times report detailed how Stuxnet originally spread after it unexpectedly escaped from the Natanz nuclear facility in Iran, where it had been deployed.

That operation was reportedly authorized under President George W. Bush and was intended to remain confined to the air-gapped Natanz network. Security investigators believe the malware escaped when computers or removable media were moved between the isolated Natanz environment and systems connected to the public internet.

In his book Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power, journalist David Sanger recounts how US officials suspected Israeli modifications to Stuxnet’s code may have contributed to its unintended spread:

“‘We think there was a modification done by the Israelis,’ one of the briefers told the president, ‘and we don’t know if we were part of that activity.’”

According to officials present during the briefing, President Obama pressed for answers, concerned the code could cause collateral damage beyond the plant. After hedged responses, Vice President Biden reacted angrily. ‘It’s got to be the Israelis,’ he said. ‘They went too far.’

Since the Trump administration withdrew from the Iran nuclear agreement and reimposed sanctions over alleged breaches, tensions between the United States and Iran have escalated, raising the possibility of renewed covert actions, including in cyberspace.

Given the heightened geopolitical strain, cyber operations against Iran by foreign actors — including the US and Israel — remain a plausible scenario. Iran’s recent public statements indicate it detected and blocked these attempts.

“Thanks to the vigilance of the technical teams, they returned empty-handed,” Mohammad Javad Azari Jahromi, Iran’s communications minister, wrote on Twitter. “We will pursue this hostile act through international bodies.”
