Analysis

Iranian-Russian cooperation on hack attacks may challenge Israeli cyber supremacy

A recent bid to bring down Israeli websites by a group believed linked to Moscow suggests Tehran is getting help upping its cyber warfare capabilities after years of being stymied

Dr. Avi Davidi edits The Times of Israel's Persian edition

Illustrative: A cybersecurity expert stands in front of a map of Iran as he speaks to journalists about the techniques of Iranian hacking, on September 20, 2017, in Dubai, United Arab Emirates. (AP/Kamran Jebreili)

When the websites of Israeli banks, telecom firms, the postal service, and more were taken down by hackers on Friday, the attack came as less than a surprise.

For years, the last Friday of Ramadan — dedicated to anti-Israel rallies championed by Iran under the banner of “Jerusalem Day” — has been accompanied by hacker groups trying to disrupt Israeli life. As in years past, Friday’s cyberattack barely registered a blip, causing only minor service interruptions according to Israeli authorities. What is significant, however, is who may have been responsible and what message that sends to Israel.

The attack was claimed by a group that goes by the name of “Anonymous Sudan,” which is thought to have no meaningful connection to the Anonymous hacking collective or the Saharan country currently locked in deadly civil strife.

Rather, experts believe the group has strong links to Russia, and given Iran’s prominent role in directing anti-Israel activity to mark Jerusalem Day, many see its fingerprints behind the cyber-assault as well.

If confirmed, Iranian-Russian cooperation in cyberspace would mark a new stage in the long-running shadow war between Israel and Iran, which has largely been waged in computer code. Such a breakthrough would significantly affect the regional balance-of-power — in favor of the Islamic Republic.

Cyberwarfare between Iran and Israel has escalated over the last six years. Israel, determined to prevent Iran from acquiring a nuclear weapon and advanced missile capabilities, is understood to have been behind cyberattacks that have disrupted the functioning of the Islamic Republic and have caused damage to Iranian installations. Among the best-known instances was the 2010 Stuxnet bug, which was credited with destroying centrifuges being used to develop Iran’s nuclear program. The attacks have continued since then.

Iran is also determined to build up its cyber capabilities to respond to Israeli hacking and initiate its own attacks. A 2020 cyberattack targeting Israeli water facilities was probably the first Iranian foray into the cyber war.

Israel’s cyber defenses have so far prevented major damage, but Tehran has not given up trying. With military cooperation between Tehran and Moscow already ramping up against the backdrop of the war in Ukraine, it would seem fitting for the Islamic Republic to turn to Russia in order to upgrade its cyber capabilities and seek opportunities for joint initiatives.

Most of the cyberattacks carried out by Israel and Iran against each other to date appear to be forms of psychological warfare, operations aimed at influencing public opinion in the target country to put pressure on the ruling regime, or to spark destabilizing protests.

Such attacks usually do not cause irreversible damage to the targets or end with innocent civilians being killed. The list of soft targets thought hacked by Iran in recent years includes The Technion — Israel Institute of Technology (2023), rocket alert sirens which were set off in Jerusalem and Eilat (2022), breached security cameras (2022), the LGBTQ website Atraf (2021), and the Shirbit insurance company (2020).

The Eshkol water filtration plant in northern Israel, April 17, 2007. (Moshe Shai/FLASH90)

It is unlikely that Iranians needed help from Russia to carry out Friday’s hacks of Israeli websites, which were fairly rudimentary distributed denial of service, or DDoS, attacks. But carrying out a coordinated attack with Russian hackers would send a strong message to Israel.

Anonymous Sudan first began taking credit for hack attacks in January, and has seemingly focused on targeting European countries in retaliation for perceived anti-Muslim activity. Experts have noted that most Telegram messages from Anonymous Sudan are in Russian or English and have linked the group to Russian hacker gang Killnet, which has launched DDoS attacks in European countries that back Ukraine.

Killnet and Anonymous Sudan also often amplify each other’s messages on social media. In February, Killnet published a message from Anonymous Sudan claiming to have taken down the website of Israeli cybersecurity firm Radware.

In the framework of the growing military cooperation between Iran and Russia during the war in Ukraine, Moscow has been supplying Tehran with cyber know-how and is helping it gain advanced digital-surveillance capabilities, the Wall Street Journal reported last month.

Iran has transferred drones, short-range missiles and other munitions to Russia, bolstering its flagging war effort. It also reportedly hopes to acquire Russian attack helicopters and jet fighters.

The cooperation appears to be part of a new Iranian strategy to strengthen its position in the region, turning former rivals into partners, such as it recently did with Saudi Arabia.

At the same time, Iran is also becoming more heavily involved in coordinating anti-Israeli activity among terror groups in the Gaza Strip, Lebanon, and Syria. That cooperation was seen earlier this month as terrorists in Gaza and Lebanon shot large volleys of rockets at Israel. Days earlier, the head of the Islamic Revolutionary Guards Corps Quds Force expeditionary unit met in Lebanon with the heads of Hezbollah and Hamas. And on Friday, the Iranian president delivered an unprecedented virtual address to Palestinians at a Jerusalem Day rally in Hamas-controlled Gaza.

Intensified cyber cooperation between Iran and Russia poses a threat to Israel, the United States, and their allies. Russia, not Iran, is in the driver’s seat in terms of defining how far the cooperation goes, and could be pressured to limit it.

While Russia has ignored Israeli lobbying vis-a-vis cooperation with Iran in the past, it could be threatened by the prospect of Tehran using its cyber prowess against Moscow in the future.

But so long as Russia and Iran are still hacking it together, Israel should be prepared to deal with cyber onslaughts that could cause real trouble.
