DHS Warns of Retaliatory Cyberattacks in Response to U.S. Drone Strike

The U.S. Department of Homeland Security has issued a warning about retaliatory cyberattacks following the military action in Iraq in which Iran’s top general, Major General Qasem Soleimani, was killed in a drone strike.

The U.S. Department of Defense issued a statement saying “General Soleimani was actively developing plans to attack American diplomats and service members in Iraq and throughout the region.” President Trump tweeted soon after the attack saying, “We took action last night to stop a war. We did not take action to start a war.”

Iran has condemned the attack and the country’s supreme leader, Ayatollah Ali Khamenei, has vowed to take “forceful revenge” on the United States. The U.S. State Department has advised all Americans in Iraq to leave the country over concerns for their safety, and on Sunday, Iraqi MPs voted to expel all U.S. troops from the country.

There are genuine fears of reprisal attacks from Iran and growing concern that those attacks will take place in cyberspace rather than on the ground. US companies, government agencies, and critical infrastructure could be targeted. Iran may have relatively limited military power, but highly destructive cyberattacks are well within Iran’s capabilities.

Threat actors with links to the Iranian government have long been conducting cyberattacks in the United States, but the nature of the attacks may well change. Iran has been developing a range of offensive cyber tools and has conducted destructive cyberattacks in the past. Notably, threat actors linked to Iran used the wiper malware Shamoon to attack the Saudi Arabian oil giant Aramco in 2012. Further wiper malware variants are understood to have been developed that could be deployed against targets in the United States. Iran has also been linked to the SamSam ransomware attacks, including the attack on the City of Atlanta.

Acting secretary of the DHS, Chad Wolf, said no specific, credible threats against the United States have been identified so far. The DHS will continue to monitor the situation and will be working with local, state, and federal partners to ensure the safety of all Americans.

It is not known if or when any attacks will take place, but local, state, and federal leaders have been urged to take the necessary precautions. Director of the DHS’ Cybersecurity and Infrastructure Security Agency, Chris Krebs, said on Twitter, “Bottom line: time to brush up on Iranian [Tactics, Techniques and Procedures] and pay close attention to your critical systems, particularly ICS. Make sure you’re also watching third party accesses!”

Krebs also referenced an earlier warning that he issued in June, in which he said, “CISA is aware of a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies. We will continue to work with our intelligence community and cybersecurity partners to monitor Iranian cyber activity, share information, and take steps to keep America and our allies safe.”

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.