U.S. Expects Iranian Cyber Attacks in Retaliation to New Sanctions, Experts Say

American intelligence agents are preparing to face a fresh wave of Iranian cyber attacks as the U.S. imposes a new set of sanctions on Tehran.

Experts who spoke to the Associated Press suggested Iran might leverage its strong cyber warfare capabilities to retaliate against the restrictions that came into force Tuesday on the orders of President Donald Trump.

In a Tweet announcing the measures, Trump said he was hoping to achieve "world peace," but his innate opposition of the Obama-era nuclear deal may only lead to more conflict, whether direct or unconventional.

U.S. President Donald Trump pauses during address at campaign rally at Mohegan Sun Arena in Wilkes-Barre, Pennsylvania, on August 2. Trump has announced new sanctions on Iran after withdrawing from the 2015 nuclear deal. REUTERS/Leah Millis

Priscilla Moriuchi, director of strategic threat development at cyber threat intelligence company Recorded Future, told AP that while no specific attacks have been identified, "we have seen an increase in chatter related to Iranian threat activity over the past several weeks." In May, Recorded Future said Trump's withdrawal from the Joint Comprehensive Plan of Action (JCPOA) would prompt an Iranian cyber attack within four months.

Iran was the target of a significant attack in 2010—the U.S.-Israeli "Stuxnet" attack on Iran's Natanz nuclear facility. The virus destroyed around 20 percent of all centrifuges at the site and heralded the maturation of cyber military operations.

Since then, the country has since been working hard to increase its cyber warfare reach, while accusing America of continued cyber harassment. For its part, the U.S. government blamed Tehran for a series of attacks on American banks between 2011 and 2014 that caused tens of millions of dollars in damages, and the Israelis claim to fight off hundreds of Iranian cyber operations each day.

Moriuchi said the most at-risk institutions were banks and financial services, government departments, critical infrastructure providers and oil and energy providers—the groups that were targeted by Iranian activity between 2011 and 2014.

The U.S. Justice Department has indicted seven Iranians on suspicion of attacking several banks and trying to take over a New York dam in 2011, allegedly on the orders of the Iranian government. In March this year, another nine Iranians were charged with trying to steal academic data from hundreds of American colleges and attempting to access email accounts of government employees and private citizens.

RTR4LBN0 (1)
Department of Homeland Security workers are pictured at the National Cybersecurity and Communications Integration Center in Arlington, Virginia, on January 13, 2015. Experts say the U.S. is preparing for Iranian cyber attacks in retaliation for the new sanctions. REUTERS/Larry Downing

Iran's spokesman at the UN, Alireza Miryousefi, maintains Tehran's cyber capabilities are used "exclusively for defensive purposes." He claimed the U.S. is "the most aggressive country in the world in offensive cyber activity and publicly boasted about attacking targets across the world."

The U.S. military dwarfs the Iranian forces. However, the country's leaders have lauded its asymmetric warfare strength. Whether covert operations, support for foreign proxies or cyber warfare, Tehran has a range of options to strike American allies and interests.

"I think there is a good chance Iran will use cyber," said Norm Roule, former Iran manager at the office of the director of national intelligence. Though any operation would be tempered by the need to retain good relations with European nations who remain committed to the JCPOA, " I just don't think the Iranians will think there is much cost to doing this," he argued.

"Iran's cyber activities against the world have been the most consequential, costly and aggressive in the history of the internet, more so than Russia," Roule continued.

Though Director of National Intelligence Dan Coats refused to comment on the possibility of coming Iranian attacks, the FBI told AP Tehran could "use a range of computer network operations—from scanning networks for potential vulnerabilities to data-deletion attacks—against U.S.-based networks in response to the U.S. government's withdrawal" from the JCPOA.