The Growing Cyberthreat From Iran: The Initial Report of Project Pistachio Harvest
Malicious Iranian cyber activity has increased significantly since the beginning of 2014. Data indicate that attacks launched from Iranian Internet protocol (IP) addresses increased 128 percent between January 1, 2014, and mid-March 2015. The number of Norse sensors hit by Iranian IPs rose by 229 percent, while the number of distinct IPs used to execute these attacks rose by 508 percent. Iranian companies are renting and buying IT resources in the West, despite sanctions. Hundreds of thousands of domains registered to Iranian people or companies are hosted by companies in the US, Canada, and Europe as a result of Western failures to enforce IT sanctions and regulations governing technology transfers. Some of these resources are then used to conduct cyberattacks on America and its allies. The Islamic Republic is using networks within Iran to conduct sophisticated cyberattacks. The technical nature of the attacks makes it more likely that Iran’s cyber capabilities are expanding.