Targeted strike on computer-controlled weapons of Iran’s Islamic Revolutionary Guard had been planned over weeks

This article is more than 1 year old

This article is more than 1 year old

The US military launched a cyber-attack on Iranian weapons systems on Thursday, according to sources, as President Donald Trump backed away from plans for a more conventional strike in response to Iran’s downing of a US surveillance drone.

The hack disabled Iranian computer systems that controlled its rocket and missile launchers, two officials told the Associated Press, and were conducted with approval from Trump. A third official confirmed the broad outlines of the strike. All spoke on condition of anonymity because they were not authorised to speak publicly about the operation.

Two of the officials said the attacks, which specifically targeted computer systems of Iran’s Islamic Revolutionary Guard Corps (IRGC), had been provided as options after two oil tankers were bombed. The IRGC has been designated a foreign terrorist group by the Trump administration.

Over the past year US officials have focused on persistently engaging with adversaries in cyberspace and undertaking more offensive operations.

Trump: I'll be Iran's 'best friend' if it acquires no nuclear weapons Read more

Tensions with Iran have escalated since the US withdrew last year from the 2015 nuclear deal with Iran and began a policy of “maximum pressure”. Iran has since been hit by multiple rounds of sanctions.

Tensions spiked this past week after Iran shot down an unmanned US drone – an incident that nearly led to a conventional US military strike against Iran on Thursday evening.

The cyberattacks are the latest chapter in the US and Iran’s ongoing hacking of each other.

In recent weeks hackers believed to be working for the Iranian government have targeted US government agencies, as well as sectors of the economy including finance, oil and gas, sending waves of spear-phishing emails, according to representatives of cybersecurity companies CrowdStrike and FireEye, which track such activity. This new campaign appears to have started shortly after the Trump administration imposed sanctions on the Iranian petrochemical sector this month.

It was not known if any of the hackers managed to gain access to the targeted networks.

“Both sides are desperate to know what the other side is thinking,” said John Hultquist, director of intelligence analysis at FireEye. “You can absolutely expect the regime to be leveraging every tool they have available to reduce the uncertainty about what’s going to happen next, about what the US’s next move will be.”

The Department of Homeland Security said in a statement released on Saturday that its agency tasked with infrastructure security has been aware of a recent rise in malicious cyber activities directed at US government agencies by Iranian regime actors and proxies.

The National Security Agency would not discuss Iranian cyber actions specifically, but said in a statement to the AP on Friday that “there have been serious issues with malicious Iranian cyber actions in the past”.

“In these times of heightened tensions, it is appropriate for everyone to be alert to signs of Iranian aggression in cyberspace and ensure appropriate defences are in place.”