6 July 2020

Did a Cyber-Weapon Blow Up an Iranian Missile Factory—And Is This Cyber-War?

by Matthew Petti 

An Iranian general would not rule out that a massive explosion east of Tehran last week was caused by “hacking,” amidst speculation that the incident was an act of sabotage.

Iranian authorities had attempted to downplay the blast—which tore through a missile factory east of Tehran—as a gas tank explosion at a different industrial park. But one official refused to rule out an act of cyber-sabotage.

“On the explosion of the Parchin gas facilities, it has been mentioned that the incident was caused by hacking the center's computer systems,” said Brig. Gen. Gholamreza Jalali, head of the Passive Defense Institution, at a conference on anti-chemical weapons defense. “But until we come to a conclusion on the dimensions of this incident and the claim, we cannot comment.”

The explosion damaged the Khojir missile production complex, according to satellite imagery, but Iranian authorities have insisted that it actually took place at the Parchin industrial park forty kilometer away.

The apparent coverup—along with international tensions around Iran’s missile program—have raised suspicions of foul play.


Iran’s missiles were a topic of debate at the UN Security Council on Tuesday, which was debating whether to extend an international arms embargo on Iran. The United States is using a recent Iranian space launch to argue that Iran is pursuing a dangerous ballistic missile program.

The United States and Israel have worked together to sabotage the Iranian nuclear program in the past, using motorcycle-borne assassins to kill scientists and a cyberweapon called Stuxnet to damage nuclear facilities. A site like Khojir would fall within the crosshairs of a similar campaign aimed at Iran’s conventional missiles.

Israeli journalist Barak Ravid asked U.S. envoy Brian Hook about last week’s explosion during an interview for Channel 13.

“We don't have any observations to make on that,” replied Hook, the State Department official in charge of Iranian affairs. He added that Iran’s missile program is “very concerning.”

Israeli officials also told the New York Times that they were not involved.

“There is a motivation, when you're using a cyberweapon, to leave attribution murky…to keep cyber conflict below the threshold of armed conflict, and to minimize the risk of geopolitical fallout,” said Daniel Frey, a cyber threat investigator at Advanced Intelligence LLC.

Stuxnet was an extremely sophisticated weapon designed to evade detection. It interfered with the control systems for nuclear centrifuges, causing them to spin too quickly or too slow, while giving false readings to the controller.

Things have changed, however, since the Stuxnet era.

Iran and North Korea are now “second to Russia and China” in terms of cyber-warfare capabilities, Frey said. "It is clear that Iran now poses a threat to critical infrastructure, and the U.S. government itself recognizes this.”

U.S. officials have warned that Iran’s cyber-arsenal is increasingly sophisticated. Advanced Intelligence LLC found that an Iranian cyber-entity named Achilles may have even compromised British government and Australian defense industry accounts.

Yelisey Boguslavskiy, head of research at Advanced Intelligence LLC, claims that Achilles “is not only active but is expanding their hacking activities targeting critical national infrastructure” in cooperation with Russian-speaking ransomware attackers.

Last week, Achilles attempted to sell “3.5 TB of data from a high-profile defense manufacturer that among other services provides ship and submarine manufacturing solutions, land warfare systems upgrades, and R&D services for military aircraft radar systems,” according to Boguslavskiy.

“Iran has some semblance of cyber-deterrence against the United States,” Frey said. “That could affect the United States'—or Israel's, for that matter—risk calculation.”

That didn’t stop U.S. forces from striking an Iranian oil tanker database last April.

There is another risk, as well.

“When an actor attacks an entity in cyberspace, he risks alerting the victim to the presence of the exploited security vulnerability, which could result in a patch, and consequently, lost intelligence,” Frey said.

Matthew Petti is a national security reporter at the National Interest. Follow him on Twitter: @matthew_petti.

No comments: