Friday, January 26, 2024

Israeli hacker group is sending very strong messages to Iran: "We can really, really hurt you if we want"

Wired has a fascinating story about the Israel-based Predatory Sparrow hacking group and their major attacks against Iranian infrastructure.

These attacks go beyond defacing or taking down websites. They are actually affecting the lives of Iranians, and they show that cyberwar can not only affect cyberspace but the real world as well.

Predatory Sparrow is distinguished most of all by its apparent interest in sending a specific geopolitical message with its attacks, says Juan Andres Guerrero-Saade, an analyst at cybersecurity firm SentinelOne who has tracked the group for years. Those messages are all variations on a theme: If you attack Israel or its allies, we have the ability to deeply disrupt your civilization. “They're showing that they can reach out and touch Iran in meaningful ways,” Guerrero-Saade says. “They're saying, ‘You can prop up the Houthis and Hamas and Hezbollah in these proxy wars. But we, Predatory Sparrow, can dismantle your country piece by piece without having to move from where we are.’”  
But the group is calibrating its message:
SentinelOne’s Guerrero-Saade argues that [their] actions suggest that Predatory Sparrow may be the first effective example of what cyber policy wonks refer to as “signaling”—using cyberattack capabilities to send messages designed to deter an adversary's behavior. That's because, he says, the group has combined a relatively restrained and discriminating approach to its politically motivated hacking with a clear demonstration of willingness to use its capabilities for broad effects—a willingness, he points out, that the United States’ hacking agencies, like the National Security Agency and Cyber Command, have often lacked.

“There’s no such thing as effective signaling if you can’t show credibly to the other person that not only do you have the capability, but that you’re willing to use it,” Guerrero-Saade says.
The article lists several specific attacks.

In 2021, Predatory Sparrow triggered malware on Iranian transportation systems, forcing train delays and other problems. 

Later that year, the group performed a limited attack on Iranian gas station point-of-sale systems, but made it clear that they could have caused far more damage. They even warned Iranian emergency services to fill up their vehicles with fuel before the attack.

The next attack was game-changing. "In June of 2022, Predatory Sparrow carried out one of the most brazen acts of cybersabotage in history, triggering the spillage of molten steel at Iran's Khouzestan steel mill that caused a fire in the facility."

And recently, the group repeated its attack on gas stations in Iran, causing chaos for drivers.

There are other attacks attributed to Israel itself that have affected real-world life in Iran. The Stuxnet attack on an Iranian nuclear plant was the most famous one. And in 2020, Israel is suspected to have mounted a cyberattack on an Iranian port, effectively stopping most imports to Iran by sea for days. This was in response to an Iranian attempt to poison Israel's water system in its own cyberattack.

Cyberwar is real. And it has real-world consequences. But it is not limited to state actors: talented private individuals and groups can cause mass chaos if they choose.
