8.1 Iranian Cyber Operations

Iran’s growing expertise and willingness to conduct aggressive cyber operations make it a major threat to the security of U.S. and allied networks and data. Iran’s opportunistic approach to cyber attacks makes critical infrastructure owners in the United States susceptible to being targeted by Tehran, particularly when Tehran believes that it must demonstrate it can push back against the United States in other domains. Recent attacks against Israeli targets show that Iran is more willing than before to target countries with stronger capabilities.

(Office of the Director of National Intelligence (ODNI), 2023)

From the birth of the Islamic Republic in 1979, Iran has been concerned about threats to its revolutionary government. The Ministry of Intelligence and Security (MOIS) is therefore responsible for intelligence and counterintelligence, conducting operations both internal and external to Iran. MOIS operations also use cyber. For international operations, the MOIS uses the Quds Force to conduct covert operations outside of Iran, including cyber. The Quds Force reports to the Islamic Revolutionary Guards Corps (IRGC) (Figure 8.1).

As shown in Figure 8.1, the MOIS is in charge of all covert operations, using the Quds Force to perform missions outside of Iran. Many of these operations are counterintelligence, ensuring the security of the Islamic Republic and key programs that support the regime, including a developing nuclear ...