Iranian Spear-Phishing Attacks Escalate amid Rising Tensions with U.S.

Recent reports of spear-phishing emails targeted at U.S. Government agencies have fed into fears that offensive Iranian cyber-attacks could be increasing amid rising tensions between the Middle Eastern country and the U.S.

Earlier this month the Trump administration ordered a drone strike that resulted in the death of Iran’s most important general, Qassim Soleimani, commander of Iran’s elite Quds Force. Cyber security experts have suggested that cyber-attacks are a possible outlet for Iranian forces as they seek revenge for Soleimani’s death.

“You can absolutely expect the regime to be leveraging every tool they have available to reduce the uncertainty about what’s going to happen next, about what the U.S.’s next move will be,” John Hultquist, Director of Intelligence Analysis at FireEye, said, speaking to CNBC.

Cybersecurity companies like Hultquist’s FireEye have tracked the increase in spear-phishing campaigns targeted at both federal and private organisations supporting critical U.S. infrastructure.

Spear-phishing is a highly targeted form of phishing, in which a malicious actor crafts a bespoke email and sends it to a well-researched target. These emails are difficult to spot and hard to stop. Spear-phishing campaigns can send a target a document or a link to a credential-stealing website, or use social engineering to gain access to information or payouts.

These emails can be designed using background information harvested from legitimate lead-generation sites, social media websites such as LinkedIn, and any other information attackers can find to lend authority or credibility to their email campaign.

CNN reported that Iran has a long-standing history of cyber-attacks closely following changes in its relationship with the U.S. and has shown an aptitude for strong cyber capabilities, previously attacking major American banks with Denial of Service attacks.

The appeal of cyberwarfare lies in its lack of transparency and its low risk to military personnel. Cybersecurity officials have warned that businesses and government agencies should remain vigilant in the wake of these phishing campaigns, as it is unlikely access would be immediately exploited by Iranian forces.

Given the nature of the IoT, global supply chains, and our increasingly interconnected environments, cyber warfare can result in real disruption and damage to infrastructure. The potential for this was seen in 2013 when, during a cyber attack on a dam in New York, Iranian hackers gained access to a flood control system.


Cogito Group is an award-winning cybersecurity company specialising in authentication, cloud security, identity management and data protection. Cogito Group protect the authentication methods used to access information through the use of Identity and other security technologies.