The Growing Danger of the Iranian Cyber Threat

The Islamic Republic’s hostile actions against Israel and its Arab allies demonstrate the need for American leadership.

(Photo illustration by Jakub Porzycki/NurPhoto/Getty Images)

America’s slow retreat from the Middle East has created an unstable geopolitical vacuum met by increasingly dangerous Iranian cyber capabilities. While Israel and several Arab nations are banding together against this digital onslaught, the Biden administration appears unwilling to take up the mantle of cyber leadership. Its reluctance to act is a missed opportunity on multiple fronts: The U.S. can also better protect its own networks with intelligence gained from partners on the front lines, and American strategic orchestration begets a more coherent and effective multilateral response to Tehran. Meanwhile, the administration is quickly losing its ability to maintain friendly oil markets and contain Iran’s nuclear ambitions.

Tehran has been carrying out attacks for years. In its most destructive hack—the 2012 Shamoon attack—the regime targeted Aramco, the Saudi Arabian state-owned oil company. Iranian cyber operators deployed malware to delete troves of data from corporate servers. The attack temporarily crippled the world’s largest oil and gas exporter, leaving more than 30,000 computers unusable and causing millions of dollars in damages. But things are getting worse.

Iran’s 2011-2013 cyber campaign to disrupt the U.S. banking sector used only simplistic techniques to overwhelm networks with traffic. And, despite its impact, Shamoon was a copycat of cyberattacks targeting Iran itself. But the Islamic regime has evolved, and it is building sophisticated exploits to hack and control Israeli and U.S. drones. And Iran can now pair cyberattacks with elaborate and convincing social engineering. During the 2020 U.S. presidential election, the U.S. blamed Iran for a voter intimidation operation featuring emails spoofed to look like they were from the right-wing extremist group Proud Boys.

Unsurprisingly, Israel, the United Arab Emirates, Bahrain, and Morocco—signatories to the U.S.-brokered Abraham Accords that normalized Arab-Israeli relations—are pursuing greater cyber-defense cooperation. Iran and its allies have targeted each aggressively. But it would be a mistake to assume that this newfound collaboration will produce stability without American leadership. Retaliatory measures by these countries risk stoking regional conflict and drawing Washington into an unwanted conflict. Strategic direction from the U.S. will help prevent unnecessary cyber escalation while providing a common vision for marshaling resources against the Iranian threat.

Israel’s tit-for-tat relationship with Iran shows how the Islamic regime already lures U.S. partners into more intensified cyber disputes. Across 2020 and 2021, Iran tried to breach Israel’s water infrastructure, extorted a widely used web-hosting firm, and targeted hospitals with ransomware. Israel responded by disrupting an Iranian port facility, public transportation systems, and even the flow of gas across the country. As Arab states’ cyber capabilities catch up to those of Israel, the U.S. should worry about similar trends unfolding.

While the Abraham Accords emerged in part to ensure regional order without deep American engagement, the agreement offers the U.S. a framework for retaining its role as security guarantor. Cyber issues are a perfect starting point for renewing American influence. The U.S. can glean valuable information from partner networks on new Iranian methods, much as it has done with European allies vis-à-vis Russia. Just as critical, the White House can leverage the demand for its superior cyber intelligence to disincentivize risky cyberattacks and shape behavior on other digital issues, such as rampant spyware abuse.

Also, what has been happening in the Middle East is no longer staying in the Middle East. Iran has aggressively targeted European governments in recent years. From 2017 to 2019, the Iranian Revolutionary Guard Corps—a U.S.-designated terrorist organization—tried to exploit United Kingdom government workers to collect sensitive information. Even more recently, in 2022, Iran attempted to take all of Albania offline for harboring regime dissidents. 

And thanks to America’s regional extrication, Iran isn’t the only challenge. The conflicts raging in America’s absence have entailed their own cyber dimensions that risk spillover. In the Syrian civil war, the Assad regime and various rebel factions (and each side’s respective sponsors) have all recklessly deployed malware to attack adversarial computers and networks. Similarly, in Yemen, malware use has skyrocketed as a struggle over internet infrastructure has emerged alongside conventional fighting between the government and Houthi insurgents. Additionally, Chinese and Russian digital footprints in the region loom increasingly large.

The administration’s deprioritization of the Middle East has left cyberspace up for grabs as both friendly and hostile powers vie for regional influence. Biden and his team cannot afford to continue making the same mistakes. 

Jason Blessing, Ph.D., is a research analyst at the Potomac Institute for Policy Studies. His research focuses on cybersecurity as well as transatlantic relations. All views are his own and do not represent the views of the Institute. Follow him on X/Twitter @JasonABlessing.
