The U.S. Department of Homeland Security has issued warnings about the possibility of cyberattacks launched by Iran in response to the United States killing Qassem Soleimani, a top Iranian military commander.
Soleimani was killed last week in Iraq as a result of a U.S. airstrike. While many — including U.S. officials — have criticized the decision to kill the leader of the Iranian Revolutionary Guards’ Quds Force unit, Washington justified its actions by claiming that Soleimani had been planning an imminent attack on U.S. interests in the Middle East.
Tensions have escalated and Iran has vowed revenge. In addition to military strikes and other actions Iran could take in the real world, many experts believe Iran will also launch cyberattacks in response to the killing of the general.
As a result, the DHS has advised organizations to be prepared for potential cyberattacks launched by Iran. Christopher Krebs, the director of the DHS’s Cybersecurity and Infrastructure Security Agency (CISA), has pointed to a statement issued by the agency last summer regarding Iranian cybersecurity threats.
Krebs said, “Time to brush up on Iranian TTPs and pay close attention to your critical systems, particularly ICS. Make sure you’re also watching third party accesses!”
In addition to Krebs’ warning, the DHS on Saturday issued a new National Terrorism Advisory System bulletin. These “Bulletins” describe current developments or general trends regarding terrorism threats, unlike “Elevated Alert” or “Imminent Alert” advisories, which describe credible threats or specific and impending threats agasint the U.S., respectively.
While the DHS does not have information indicating a specific threat, it has warned that Iran has the capability to conduct operations in the United States.
“Previous homeland-based plots have included, among other things, scouting and planning against infrastructure targets and cyber enabled attacks against a range of U.S.-based targets,” the bulletin reads.
It adds, “Iran maintains a robust cyber program and canexecute cyberattacks against the United States. Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”
A group of hackers claiming to be from Iran defaced the website of the U.S. Federal Depository Library Program (fdlp.gov) over the weekend, apparently in response to Soleimani’s death. However, the attack did not appear too sophisticated — some reported that the website is powered by Joomla and the attackers likely exploited a vulnerability in one of its components.