Pro-Iran hacktivists borrow from Russia's cyber playbook

Iranian state-backed hackers are borrowing from the Russian cyber playbook and sharing tools with ideologically aligned hacktivist groups in the wake of a series of military strikes, experts tell Axios.Why it matters: Leaning on these hackers allows Iran to amplify its reach while maintaining plausible deniability and staying below the threshold of what's considered war.Driving the news: Iran-linked hackers threatened last night to publish emails purportedly stolen from Trump allies, including White House chief of staff Susie Wiles, lawyer Lindsey Halligan and adviser Roger Stone.CISA and the FBI released an advisory yesterday warning U.S. critical infrastructure, and particularly defense contractors, are at increased risk for potential Iran-linked cyberattacks.The intrigue: Experts at cybersecurity firm Armis say they've observed Iranian nation-state actors providing tools and resources to pro-Iran hacktivist groups since Israel launched military strikes on June 13.Michael Freeman, head of threat intelligence at Armis, told Axios that pro-Iran hacktivists have received "a lot of help," including access to nondescript cyber weapons and hacking techniques that could help them target Western organizations."Those [weapons and techniques] were being used to target more critical infrastructures within nation-states," Freeman told Axios.These attackers appear focused on strategic cyber campaigns, including ransomware, linked to the broader regional conflict."They're definitely using these tools, gaining more access, being more careful — without getting caught," Freeman added.The big picture: Iran increasingly mirrors Russia's model of relying on cyber proxies and psychological operations to project power."This is very Russian in nature," Alexander Leslie, a threat intelligence analyst at Recorded Future, told Axios. "Using proxies for plausible deniability is essentially the essence of how they can scale these operations and remain resilient to any kind of disruption."Leslie added that Iran frequently leans on "pseudo-hacktivist groups" to stay just below the threshold of conventional cyber warfare.Zoom in: A hacker tied to a well-known Russian nation-state hacking team has been sharing tools and advice in a pro-Iran hacktivist group, Freeman said.Between the lines: Some of the most serious attacks have likely been stopped before they became public, thanks to early detection and Five Eyes intelligence-sharing, Nadir Izrael, chief technology officer at Armis, told Axios."The silence isn't an indication of nothing happening," Izrael said. "It's an indication of defenses holding — and a lot of people doing a lot of work to make that happen."State of play: Activity from pro-Iran hacktivist groups has dipped since a ceasefire was announced last week, but many of the most opportunistic actors had already pivoted to targeting last week's NATO summit.More than 100 hacktivists groups, 90 of which are linked to pro-Iranian positions, have been targeting organizations in Israel and throughout the Middle East, North Africa, Western Europe and North America since Israel's strikes last month, Leslie said.Many of those groups resurfaced during this conflict after a long hiatus, Leslie added.Despite broad claims of successful attacks, most of the groups' reported DDoS campaigns are unverified. "The point is to overwhelm and shape perception," Leslie said.Threat level: Freeman warned U.S. critical infrastructure operators to take inventory of their systems and patch overlooked vulnerabilities — especially in "systems that operate systems.""The companies who've had to deal with the Iranian groups, that really had a good understanding of their environment, were able to detect them quickly, within a few hours," he said.What to watch: Law enforcement and private sector partners are actively working to identify and harden vulnerable industrial systems that Iranian threat actors may be targeting.Go deeper: U.S. companies brace for Israel-Iran cyber spillover

Comments

World news

Full list of European countries under heatwave alerts as mercury soars to 46C

Independent

Comments

World news

Full list of European countries under heatwave alerts as mercury soars to 46C

Paramount agrees to pay Trump $16 million to settle ‘60 Minutes’ lawsuit CBS News called ‘meritless’

Trump claims Israel has agreed to 60-day ceasefire in Gaza

Europe heatwave latest: Eiffel Tower summit closed as continent faces record-breaking temperatures

Australia bomb cyclone live: Flood emergency warnings issued as strong winds leave thousands without power

I gave up on transferring my pension to one pot as it was too complicated

Jordan Nobbs: Nine things you didn’t know about the Lionesses

K-pop is coming for your kids – embrace it

Steve Coogan: ‘Keir Starmer makes me admire Thatcher – at least she had a point of view’

I used to hate watching Novak Djokovic at Wimbledon – but now I’m a convert

The no-fly French holiday with sunshine, cobbled cities and an Art Deco pool

Coco Gauff’s Wimbledon shock only proves the greatness of Alcaraz and Djokovic

The day Wimbledon ‘felt like Florida’ – how players are beating the heat in SW19

The Yimby town housing UK’s most dangerous nuclear site – and it’s keen for more

Landlords could be forced to ensure renters don’t live in damp and mould

What Foreign Aid Cuts Mean for the World’s Worst Displacement Crisis

Why the U.S. Should Build Data Centers in Dubai and Riyadh

Expert: Putin is changing tactics but would need SEVENTY YEARS to conquer all Ukraine

Timeline of the Idaho college killings

Post office in Plains, Georgia, to be renamed to honor Jimmy and Rosalynn Carter

Teen bullies in Tennessee may be banned from driving under new law

North Texas mom wanted for the murder of her 6-year-old son added to FBI’s Ten Most Wanted

Ukraine-Russia war latest: US halts weapons shipments after Macron holds first Putin phone call since 2022

Orange County congresswoman targeted by protests over Trump megabill, cuts to healthcare

U.S. won't send some weapons pledged to Ukraine following a Pentagon review of military assistance

Passengers wrote their wills and goodbye letters as 'stewardess cried' on plummeting plane

FBI Special Agent supervisor hired prostitutes on assignments, watchdog claims

Senate Republicans Just Undermined Trump’s Energy Dominance Agenda

Trump says Israel has agreed on terms for 60-day ceasefire in Gaza, and has warning for Hamas

Passengers pen goodbye letters during plane's 26,000 ft drop, oxygen masks deployed

Hackers abuse generative AI tool to create phishing sites in as little as 30 seconds

Florida says "Alligator Alcatraz" is temporary. Trump isn't so sure.

Newsom says Trump "caved" after 150 California National Guard troops moved to wildfire duty

Qantas data breach exposes up to six million customer profiles

US halts some weapons shipments to Ukraine, White House says

Mexican banks face cascading consequences following U.S. sanctions

Europe sizzles and the Eiffel Tower's summit closes

Charities and humanitarian groups press for end to Israeli-backed aid group in Gaza

Ukraine latest Russian neighbor to pull out of anti-landmine ban treaty

International charities and NGOs call for end to controversial Israeli-backed aid group in Gaza

Starmer's attempt at welfare reform roils his party, capping a troubled first year in office

Mother arrested after newborn baby found dead in several bin bags

The punishing price of essentials as Brits experience 'comfort crunch'

Trump announces Israel-Gaza ceasefire deal but warns 'it will only get worse'

20 states sue after the Trump administration releases private Medicaid data to deportation officials

UPenn bans transgender athletes from female sports and revokes some of Lia Thomas’ records in Trump admin deal

Americans are spending less on luxury items but this market still shines

Sleepless in the Senate well: Late-night ball game, cornered holdout, partisan tacos and Trump’s fave breakfast

Springer soaks up Canada Day vibes at the plate

Tornado warning issued for part of Yellowhead County in Alberta

Trump touts Gaza '60 day ceasefire' after Israel agrees US terms but tells Hamas 'it will only get worse'

A Crackdown Inside Iran

‘Our town’s going to collapse’: Northern B.C. businesses demand Ottawa revisit immigration, work permit cuts

Elks head coach says team ‘needs to grow’ as it continues to search for 1st win of CFL season

Report: Drug cartels' fentanyl trafficking part of China's asymmetric war on United States

Hurricane Flossie could become a major hurricane off the Pacific coast of Mexico

'Robert' returns: FBI investigating suspected Iranian hackers claiming to have Trump team info

'Lost city of Atlantis FOUND' — Archaeologist makes shock claim after underwater discovery

Here are the companies facing boycotts this month over workers’ rights and DEI policy changes

Republicans fall into line again and bring Trump’s agenda closer to reality