Iran’s Cyberattacks Capabilities


Iran has a significant advantage in asymmetric military capabilities, which are based on terrorist agents and low-cost military technology. Although international sanctions have limited Iran’s ability to purchase or develop advanced technology in almost all sectors, it still has the basic electronic capacity to launch attacks on its opponents, which is also uses extensively for espionage and theft.

Iran has been the subject of many devastating cyberattacks in the past, so it has learned the value of having its own electronic capability. This enabled Iran to use “electronic repression” to confront the protests that spread across the Internet in what was known as the “Green Movement” in 2009, limiting access to the Internet, and censoring web content posted by protesters. In contrast to other nations, Iran’s electronic capabilities consist of a complex network of contractors who carry out tasks through intermediaries. They work to achieve the requirements and goals set by the Ministry of Intelligence or the Iranian Revolutionary Guard Corps (IRGC). Iran has gained access to sensitive data on individuals through attacks on government and service-sector targets. It has succeeded in stealing the intellectual property of some technology companies, in addition to accessing the contact data of service providers, while it continues to improve its ability to attack and develop its technical capabilities.

Because conventional targets have become more aware of information technology (IT) security measures, Iran is now attacking weaker organizations in the supply chains for these targets. Iran also launches attacks on a large scale to obtain information or find “loopholes” to harm or steal from its main targets. The majority of these attacks are directed at computers, although Iran also has a basic ability to steal data from mobile phones. Although this latter capacity is limited, it has already shifted to international targeting rather than domestic use. In addition, Iran will continue to have the capability to carry out attacks to steal information from industrial control system suppliers, which enables it to identify further weaknesses in this equipment.