Skip to content
Search

Latest Stories

Welcome! Log in to stay connected and make the most of your experience.

Input clean

Iran’s “Kitten” Cyber Hackers Poised to Strike If Trump Shreds Nuke Deal

Iran’s “Kitten” Cyber Hackers Poised to Strike If Trump Shreds Nuke Deal

Tehran poses an increasing cyber threat to the U.S., in light of the Trump administration’s allegations that Iran is violating United Nations Security Council resolutions tied to the nuclear agreement. Iran-sponsored hackers—dismissively referred to as “kittens” for their original lack of sophistication—are bolstering their cyber warfare capabilities as part of their rivalry with Saudi Arabia. But should President Donald Trump take further steps to scrap the nuclear deal, it could mean an uptick in Iranian state-sponsored cyber intrusions into American and allied systems, with the goals of espionage, subversion, sabotage and possibly coercion.

  • Since 2011, Iran has worked to establish itself as a prominent aggressor in cyberspace, alongside China, Russia and North Korea. Evolving from mere website defacement and crude censorship domestically in the early 2000s, Iran has become a player in sustained cyber espionage campaigns, disruptive denial of service (DDoS) attacks and the probing of networks for critical infrastructure facilities.
  • Iran wasn’t pursuing cyber capabilities with much urgency, experts say, until it was revealed  in 2010 that a joint Israeli-U.S. Stuxnet worm sabotaged nuclear centrifuges at Iran’s facility in Natanz. As the first-known instance of virtual intrusions resulting in physical effects, the operation demonstrated the potential effectiveness of such an attack and has informed much of Iranian cyber operations since.
  • Iran often has conducted disruptive cyber operations loosely in response to actions taken by others. It sees offensive cyber operations as an asymmetric but proportional tool for retaliation. For example, following the Stuxnet attack and the imposition of new sanctions on Iran’s oil and financial sectors in 2011, Tehran was suspected of retaliating in 2012 by releasing the Shamoon disk-wiping malware into the networks of Saudi oil giant Saudi Aramco and Qatar’s natural gas authority, RasGas. It also launched volleys of DDoS attacks against at least 46 major U.S. financial systems.
  • Iran commonly conducts its state-sponsored cyber operations behind a thin veil of hacktivism. From 2011 to 2013, a group calling itself the Qassam Cyber Fighters launched DDoS attacks that flooded the servers of U.S. banks with artificial traffic until they became inaccessible. In March 2016, the Justice Department unsealed indictments of seven individuals—employees of the Iran-based computer companies ITSecTeam and Mersad Company—for conducting the DDoS attacks — and intrusions into a small dam in upstate New York—on behalf of the Islamic Revolutionary Guard Corps (IRGC), the arm of Iran’s military formed in the aftermath of the 1979 Iranian revolution.

While much of Iran’s cyber operations have been attempts at asymmetric disruption against its Gulf rivals, Israel and the United States, it has recalculated since the 2015 negotiation of the Joint Comprehensive Plan of Action (JCPOA), the Iran nuclear deal.

Keep reading...Show less
Access all of The Cipher Brief’s national security-focused expert insight by becoming a Cipher Brief Subscriber+ Member.

Related Articles

Doing Battle in the Gray Zone

Doing Battle in the Gray Zone

Subscriber+Members are invited to join us on Wednesday, July 23 at 1:00p ET for an exclusive virtual conversation on gray zone operations led by [...] More

Report for Wednesday, July 9, 2025

9:12 America/New Wednesday, July 9 [...] More

The Real Impact of a Nuclear Bomb

FINE PRINT / OPINION — “This report explores the environmental effects and societal and economic consequences that would be expected to follow in the [...] More

As Taiwan Launches Military Drills, a Pressing Question for Washington

As Taiwan Launches Military Drills, a Pressing Question for Washington

TAIPEI, TAIWAN —Taiwan’s annual military exercise launching this week, will be its largest ever, mobilizing more than 22,000 reservists in response [...] More

Report for Tuesday, July 8, 2025

7:54 America/Chicago Tuesday, July 8 [...] More

U.S. Cyber Defense Starts with Defining Standards and Driving Collaboration

OPINION — President Donald J. Trump has returned to office with the renewed revelations that Chinese government-affiliated hackers continue to [...] More

Expert Q&A: What to Watch for at the Trump-Netanyahu Meeting

EXPERT Q&A — Israeli Prime Minister Benjamin Netanyahu arrived in Washington D.C. on Monday to meet with President Donald Trump at the White House — [...] More

Report for Monday, July 7, 2025

8:03 America/Chicago Monday, July 7 [...] More

Can President Trump Get a "Big, Beautiful" Deal in the Middle East?

Can President Trump Get a "Big, Beautiful" Deal in the Middle East?

CIPHER BRIEF REPORTING – When Benjamin Netanyahu and Donald Trump meet at the White House Monday, they will bring different ideas for resolving two [...] More