Microsoft Threat Intelligence on Tuesday issued a report titled, “Iran turning to cyber-enabled influence operations for greater effect.” The report says Iran “continues to be a significant threat actor” in cyber-attacks, and has added a new playbook, leveraging its “cyber-enabled influence operations (IO)” to achieve its geopolitical aims.
According to Microsoft, its researchers have suggested that Iran’s efforts have been rapidly accelerating since June 2022: “We attributed 24 unique cyber-enabled influence operations to the Iranian government last year––including 17 from June to December––compared to just seven in 2021.”
The FBI in January 2022, released a Private Industry Notification that provided a historical overview of the tactics, techniques, and procedures, of the Iranian cyber company Emennet Pasargad, to help online users identify and defend against the group’s malicious cyber activities.
“We assess that most of Iran’s cyber-enabled influence operations are being run by Emennet Pasargad, an Iranian state actor sanctioned by the US Treasury Department for their attempts to undermine the integrity of the 2020 US Presidential Elections,” Microsoft said.
On November 18, 2021, the US Department of the Treasury’s Office of Foreign Assets Control sanctioned six Iranian individuals and Emennet Pasargad for “imposing Certain Sanctions in the Event of Foreign Interference in a United States election.”
According to the Microsoft report, Iran’s techniques may have changed, but its targets have not. “These operations remain focused on Israel, prominent Iranian opposition figures and groups, and Tehran’s Gulf state adversaries.”
“Iran directed nearly a quarter (23%) of its cyber operations against Israel between October of 2022 and March of 2023, with the United States, United Arab Emirates, and Saudi Arabia also bearing the brunt of these efforts,” according to Microsoft.
Iran has also adopted cyber-enabled IO against its own nationwide protests, by leaking information aimed at embarrassing prominent regime opposition figures or exposing their “corrupt” relationships.
At the same time, the future threat of increasingly destructive Iranian cyberattacks remains against Israel and the United States, according to Microsoft.