As they fled an Iranian missile strike, some Israelis with Android phones received a text offering a link to real-time information about bomb shelters. But instead of a helpful app, the link downloaded spyware giving hackers access to the device’s camera, location and all its data.
The operation, attributed to Iran, showed sophisticated coordination and is just the latest tactic in a cyber conflict that pits the U.S. and Israel against Iran and its digital proxies. As Iran and its supporters seek to use their cyber capabilities to compensate for their military disadvantages, they are demonstrating how disinformation, artificial intelligence and hacking are now ingrained in modern warfare.
The bogus texts received recently appeared to be timed to coincide with the missile strikes, representing a novel combination of digital and physical attacks, said Gil Messing, chief of staff at Check Point Research, a cybersecurity firm with offices in Israel and the U.S.
“This was sent to people while they were running to shelters to defend themselves,” Messing said. “The fact it’s synced and at the same minute … is a first.”
The digital fight is likely to persist even if a ceasefire is reached, experts said, because it’s a lot easier and cheaper than conventional conflict and because it is designed not to kill or conquer, but to spy, steal and frighten.
Iran-linked groups are turning to high-volume, low-impact cyberattacks
While high in volume, most of the cyberattacks linked to the war have been relatively minor when it comes to damage to economic or military networks. But they have put many U.S. and Israeli companies on the defensive, forcing them to quickly patch old security weaknesses.
Investigators at the Utah-based security firm DigiCert have tracked nearly 5,800 cyberattacks so far mounted by nearly 50 different groups tied to Iran. While most of the attacks targeted U.S. or Israeli companies, DigiCert also found attacks on networks in Bahrain, Kuwait, Qatar and other countries in the region.
Many of the attacks are easily thwarted by the latest cybersecurity precautions. But they can inflict serious damage on organizations with out-of-date security and impose a demand on resources even when unsuccessful.
Then there’s the psychological impact on companies that may do business with the military.
“There are a lot more attacks happening that aren’t being reported,” said Michael Smith, DigiCert’s field chief technology officer.
A pro-Iranian hacking group claimed responsibility Friday for infiltrating an account of FBI Director Kash Patel, posting what appeared to be years-old photographs of him, along with a work resume and other personal documents. Many of those records appeared to be more than a decade old.
It’s similar to a lot of the cyberattacks linked to pro-Iran hackers: splashy and designed to boost morale among supporters while undermining the confidence of the opponent, but without much impact on the war effort.
Smith said these high-volume, low-impact attacks are “a way of telling people in other countries that you can still reach out and touch them even though they’re on a different continent. That makes them more of an intimidation tactic.”
Health care and data centers have been a target
Iran is likely to target the weakest links in American cybersecurity: supply chains that support the economy and the war effort, as well as critical infrastructure like ports, rail stations, water plants and hospitals.
Iran also is targeting data centers with both cyber and conventional weapons, showing how important the centers have become to the economy, communications and military information security.
This month, hackers supporting Iran claimed responsibility for hacking Stryker, a Michigan-based medical technology company. The group known as Handala claimed the strike was in retaliation for suspected U.S. strikes that killed Iranian schoolchildren.
Cybersecurity researchers at Halcyon recently published the findings of another recent cyberattack targeting a health care company. Halcyon did not reveal the name of the company but said the hackers used a tool that U.S. authorities have linked to Iran to install destructive ransomware that shut the company out of its own network.
The hackers never demanded a ransom, suggesting they were motivated by destruction and chaos, not profit.
Together with the attack on Stryker, “this suggests a deliberate focus on the medical sector rather than targets of opportunity,” said Cynthia Kaiser, senior vice president at Halcyon. “As this conflict continues, we should expect that targeting to intensify.”
Artificial intelligence is providing a boost
AI can be used both to increase the volume and speed of cyberattacks and to let hackers automate much of the process.
But it’s disinformation where AI has really demonstrated its corrosive impact on public trust. Supporters of both sides have spread bogus images of atrocities or decisive victories that never happened. One deepfake image of sunken U.S. warships has racked up more than 100 million views.
Authorities in Iran have limited internet access and are working to shape the view Iranians receive of the war with propaganda and disinformation. Iranian state-run media, for instance, has begun labeling actual footage of the war as fake, sometimes substituting its own doctored images, according to research at NewsGuard, a U.S. company that tracks disinformation.
Heightened concerns about the risks posed by AI and hacking prompted the State Department to open a Bureau of Emerging Threats last year focused on new technologies and how they could be used against the U.S. It joins similar efforts already underway at agencies including the Cybersecurity and Infrastructure Security Agency and the National Security Agency.
AI also plays a role in defending against cyberattacks by automating and speeding the work, Director of National Intelligence Tulsi Gabbard recently told Congress.
The technology, she said, “will increasingly shape cyber operations with both cyber operators and defenders using these tools to improve their speed and effectiveness.”
While Russia and China are seen as greater cyberthreats, Iran has nonetheless launched several operations targeting Americans. In recent years, groups working for Tehran have infiltrated the email system of President Donald Trump’s campaign, targeted U.S. water plants and tried to breach the networks used by the military and defense contractors. They have impersonated American protesters online as a way to covertly encourage protests against Israel.
This story was originally featured on Fortune.com