























Threat Insight
On paper, Iran has considerable cyber capabilities, but they may have been degraded by a combination of US and Israeli offensive cyber capabilities and kinetic strikes. Threat actors from both Iran’s Ministry of Intelligence and Security (MOIS), the civilian intelligence service, and the Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO) have attempted to conduct destructive cyberattacks against targets in the US, Israel, and the Gulf states during the active phases of the war.
These attacks include attempts to compromise programmable logic controllers (PLC) exposed to the internet and used in water supply systems in the US, as well as deploying a wiper against a US healthcare company and the email server of Albania’s parliament. Iranian threat actors have tried to frame these attacks as strikes on critical infrastructure, even though they have largely failed to have any real impact on their adversaries.
The main threat of hybrid-warfare cyberattacks against Europe today comes from Russia. The more precarious Russia’s military situation becomes in Ukraine, the higher the risk that Russia chooses to escalate destructive cyberattacks in the Nordics. As long as the conflict continues, Iran’s limited cyber efforts will likely continue to focus on putting pressure on the US, Israel, and the Gulf states. Unless European countries act in a way that is perceived as a threat to the Iranian bargaining position, such as directly supporting a military operation to reopen the Strait of Hormuz, it is unlikely that major Iranian cyber operations beyond potential espionage will target Europe.
This is a resilience issue for business-critical and society-critical operations. The concern is wider than direct compromise. The real challenge is disruption, recovery pressure, and executive decision-making during periods of geopolitical tension. Leadership should view this as a risk to service continuity, safety, crisis management, and public trust.
ATT&CK pattern: This attack stands out through destructive and disruptive objectives rather than quiet persistence. The attacker seeks operational impact, service interruption, recovery pressure, and loss of control in critical environments.
Architectural weak point: Critical services, operational technology, external communications, and recovery dependencies are often tightly coupled. If resilience architecture is weak, one disruptive event can spread quickly into safety, continuity, and crisis management problems.
Govern: Organizational Context (GV.OC) and Risk Management Strategy (GV.RM): Treat geopolitical cyber risk as part of enterprise risk and resilience planning.
Identify: Asset Management (ID.AM): Know which business services depend on critical infrastructure, industrial control systems, fragile supply chains, or external communications.
Protect: Platform Security (PR.PS) and Technology Infrastructure Resilience (PR.IR): Define fallback modes, stronger segmentation, and protection for the most critical services.
Detect: Continuous Monitoring (DE.CM): Raise monitoring during periods of tension.
Respond: Incident Management (RS.MA) and Incident Response Reporting and Communication (RS.CO): Use one command structure for crisis management, cyber response, and business continuity.
Recover: Incident Recovery Plan Execution (RC.RP): Restore business continuity under the same command structure.
Stay ahead with cyber insights
Stay ahead in cybersecurity! Sign up for Truesec’s newsletter to receive the latest insights, expert tips, and industry news directly to your inbox. Join our community of professionals and stay informed about emerging threats, best practices, and exclusive updates from Truesec.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。