Iranian hackers ramped up their attacks against U.S. targets as expected in the immediate aftermath of President Trump withdrawing this week from the Iran nuclear deal, cybersecurity experts said afterwards.
Researchers at CrowdStrike, a cybersecurity firm headquartered in Silicon Valley, witnessed a “notable” shift in Iranian cyberactivity within 24 hours of Mr. Trump announcing his withdrawal from the nuclear deal Tuesday, The New York Times reported on Friday.
After Mr. Trump’s announcement, Iranian hackers began sending malicious emails to diplomats employed in the foreign affairs offices of U.S. allies and unspecified telecommunications firms, according to CrowdStrike, The Times said.
The emails contained malware designed to let the hackers infiltrate the recipients’ computer systems, the newspaper reported, though it was not immediately clear if any of their targets were actually breached.
The apparent surge was hardly unexpected, and the assaults allegedly occurred after other security researchers warned that withdrawing the U.S. from the Iranian nuclear deal would likely trigger retaliatory cyberattacks following years of relative inactivity in terms of Iran hacking American targets.
Iran has been blamed in the past for high-profile hacks targeting U.S. entities — including a dam near New York City in 2013, and the Sands Las Vegas Corporation in 2014 — but security researchers have said that it scaled back those sorts of cyberattacks after the nuclear deal was reached under the Obama administration in 2015 when Iran agreed to curb its energy program in exchange for U.S. lifting sanctions.
Mr. Trump said while campaigning that he’d renegotiate the Iran deal if elected president, and experts have cautioned that withdrawing would likely spur cyberattacks worse than the ones witnessed before 2015.
“With the dissolution of the agreement, we anticipate that Iranian cyberattacks will once again threaten Western critical infrastructure,” John Hultquist, the director of threat intelligence for FireEye, another Silicon Valley-based cybersecurity firm, said Wednesday.
“They’ve developed this ability over the last years and there’s no reason for them not to use it now,” added Levi Gundert, an analyst at private intelligence firm Recorded Future. “They want to try to induce other countries to think about repercussions before levying sanctions, and they have a real capability in the cyber domain,” he told Wired earlier this month.
In announcing his withdrawal Tuesday, Mr. Trump described the Iran deal as “decaying and rotten.”
“The Iran deal is defective to its core,” the president said.
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.