Microsoft: Increasing Iranian cyberattacks against Israel and planning to influence the US elections
Iran has intensified its cyber operations and propaganda campaigns against Israel since the outbreak of war in the Gaza Strip on October 7, 2023, according to Microsoft.
The American company Microsoft issued a detailed report on Iranian cyber activities before and after the attacks carried out by the Hamas movement on October 7, 2023.
The report stated that several parties allied with the Iranian government launched a series of electronic and cyber attacks, and used artificial intelligence techniques and influence operations aimed at helping Hamas and weakening Israel, its political allies, and its commercial partners.
The Microsoft report says that Iran has intensified its cyber operations and online influence operations. To support the Hamas movement, it focused approximately 43 percent of its cyber activity against Israel.
But many of the operations carried out by Iran after October 7 were hasty and chaotic, which indicates – according to the report – that there was no coordination between Iran and Hamas.
The report also pointed to Iranian cooperation with a Hezbollah group in Lebanon. The report expected that Iranian influence operations and electronic attacks would be more targeted and destructive during the coming period, with the continuation of the conflict between Israel and Hamas, and with the US presidential elections approaching.
Microsoft’s report expects that the year 2024 will witness more targeted Iranian attacks on the United States during the presidential election period, highlighting that Iran will “test American red lines” such as targeting vital infrastructure, as it did against an Israeli hospital and an American water system in Pennsylvania. .
The report warned of greater threats intensifying in 2024 during the presidential elections in the United States. Building on what happened in the 2020 elections, when it impersonated extremist Americans and incited violence against US government officials.
Three stages of attacks
The report provided a description of the operations that take place in three stages: They begin interactively and by using government media to spread misleading information, such as what was published by the “Tasnim” agency affiliated with the “Iranian Revolutionary Guard” of news about the collapse of an Israeli electricity company, where a hacking group (likely… A group run by the Iranian Revolutionary Guard launched cyberattacks against an Israeli power plant in October. It was based on old reports of power outages in Israel, and an undated malfunction screenshot on the Israeli company’s website.
The second phase: It was characterized by the cooperation of various groups and entities affiliated with the Iranian government in promoting disinformation against Israel, according to coordination and goals set by Tehran, which allowed a great deal of cooperation, and thus the great specialization and effectiveness of these attacks.
The report said that multiple Iranian groups were targeting the same organization or Israeli military base through multiple, coordinated cyber activity. Online influence operations against Israel – a method that Iran seems to prefer to use – have accelerated, and these operations have increased and recorded ten operations in the month of October, which is double the record of six operations in a month in November 2022.
The report monitored one example on October 18, when the “Shahid Kawa” group, affiliated with the Iranian Revolutionary Guard, used ransomware designed to launch electronic attacks against security cameras inside Israel, and a cyber personality used “Suleiman Soldiers” to claim that it had hacked the security cameras and data at the base. The Israeli Air Force Nevatim, and after examining the security footage leaked by “Solomon’s Soldiers,” it turned out that it is footage from a town north of Tel Aviv that has a street named Nevatim, and not footage from the Israeli air base that bears the same name.
The third phase: It began late last November, which is to expand the geographic scope and target countries that Iran believes support Israel. This phase coincided with the Iranian-backed Houthis beginning their attacks on international shipping, and these attacks focused on Bahrain, Albania, and the United States.
One of the influence operations launched by Iran to influence Israeli public opinion and stir up anger against the Israeli Prime Minister regarding the hostages held by Hamas (Microsoft report)
On November 20, sockpuppet accounts issued warnings about impending cyberattacks against Albania, and later claimed responsibility for attacks on a group of Albanian organizations and institutions.
On November 21, a cyber puppet, named “Flood,” targeted the maritime government and financial institutions to prevent them from continuing to normalize their relations with Israel.
On November 22, these groups affiliated with the Iranian Revolutionary Guard began targeting Israeli programming controllers (industrial computers developed to control manufacturing processes such as assembly lines and robots), and cut off communication with the Pennsylvania Water Authority on the 5th. The twenty of November.
misinformation
The report monitored that government media published misleading details about Hamas attacks. Iran also increased hacking operations and efforts against Israel. The attacks took the form of a reaction in the first days of the war, but by late October, Iranian cyber actors intensified all their efforts to target Israel.
The Microsoft report explained that cyberattacks during that period became increasingly destructive, and campaigns to spread misinformation were more complex, and used fake and unreal accounts on social media platforms.
In terms of numbers, Iranian government groups tracked by Microsoft increased from nine attacks in the first week of the war to 14 attacks after just one week.
Impact operations rose from one operation every two months in 2021 to 11 in October 2023 alone. It also reported a 42 percent increase in traffic to Tehran websites in the first week, maintaining a 28 percent increase a month later.
Although Israel was the main target, Western and Arab countries were also attacked. An example of this is an Iranian group that targeted the Bahraini government and financial institutions. The most recent of which was a group of the Iranian Revolutionary Guard carrying out cyber attacks on the American Water Authority in Pennsylvania.
Iran’s goals
The report says that Iran’s main goal is to use its cyber operations to influence Israeli and global public opinion, through manipulation or intimidation by targeting “political and social differences.”
The report indicated that influence operations often focused their efforts around the 240 hostages who were kidnapped during the Hamas-led attack, or calling for the dismissal of Israeli Prime Minister Benjamin Netanyahu, in order to create a state of confusion or loss of confidence.
Microsoft’s report stated that it pursued two main goals: the first was to destabilize stability through polarization, leading to exacerbation of internal political and social differences; Therefore, I focused on the approach followed by the Israeli government in dealing with the crisis of the 240 hostages held by Hamas in Gaza, and disguised itself as activist groups seeking peace, criticizing the Israeli government and the Israeli Prime Minister, and calling for his dismissal.
The second goal, according to the Microsoft report, is revenge, as the Iranian attacks targeted the Israeli electricity, water and fuel infrastructure, in response to Israel’s threats that it would cut off electricity, water and fuel from Gaza, in reference to the principle of an eye for an eye.
The third goal is intimidation that leads to intimidation of Israeli citizens, and threatening the families of IDF soldiers by publishing accounts on the (X) platform and messages stating that the Israeli army has no authority to protect its soldiers, and other messages aimed at convincing IDF soldiers to surrender.
The fourth goal is to undermine international support for Israel by targeting parties that support Israel and highlighting the damage caused by the Israeli attacks against the Gaza Strip.
Artificial Intelligence attacks
The major Iranian attack – according to the report – was to cut off television broadcast services in early December 2023, and replace it with a video clip using (a news anchor created by artificial intelligence) as part of the Iranian influence campaign in Britain, Canada and the Emirates. Microsoft highlighted it as the “first” of its kind by government groups in Tehran, relying on artificial intelligence technologies to play a major role in their operations.
The Artificial Intelligence Monitoring Department at Microsoft monitored the Iranian propaganda index.
He said that Iranian state media has achieved great success in English-speaking countries closely allied with the United States, and has increased interest and traffic visiting Iranian news outlets, compared to overall Internet traffic. During the first week of the Israeli war against the Gaza Strip, there was a 42 percent increase in visits to Iranian websites from the United States, Britain, Canada, Australia and New Zealand, indicating Iran’s ability to reach Western audiences through its reporting on the conflict in the Middle East. The report said that success in this was stronger in the first days of the war, and a month after the war, access to these Iranian sources remained 28 percent higher than pre-war levels.
Iranian penetration operations
The report says that Iranian parties not only disguise themselves as their enemies, but also as their friends. Recent operations carried out by Iranian groups have used the name and logo of the military wing of Hamas, the “Qassam Brigades,” to spread false messages and threaten members of the Israeli army. But it is not clear whether Iran is acting with Hamas’ approval or not.
Iran was also able to attract Israelis to participate in activities promoting its operations. In one recent operation, dubbed “Tears of War,” Iranian agents persuaded Israelis to hang banners bearing the sign “Tears of War,” using artificial intelligence-generated images, in Israeli neighborhoods, based on Israeli press reports, and to encourage the dismissal of Benjamin Netanyahu.
Email campaigns
Iran has increasingly used mass text messages and email campaigns to reinforce negative psychological effects, and messages that appear on people’s phones or in their inboxes have been shown to have a greater impact than fake accounts on social media. The report says that Iran uses public and covert media linked to the Iranian Revolutionary Guard to amplify cyber operations and exaggerate their effects. In September, an Iranian hacking group claimed cyberattacks against the Israeli railway system, and Iranian Revolutionary Guard media almost immediately amplified and exaggerated its claims.
#Israeli #Finance #Minister #cancels #tax #exemptions #UNRWA
2024-02-08 15:37:53