The National Security Agency (NSA) believes Iran may have learned some of its rapidly evolving cyber capabilities from suspected U.S. attempts to hack the Middle Eastern nation.

Iran was hit with a series of with massive cyberattacks in 2012, which destroyed nearly a fifth of the country’s nuclear centrifuges and forced the country to disconnect some of its oil companies from the Internet. The U.S. and Israel are widely thought to have launched many, if not all, of the attacks.

ADVERTISEMENT

Now a new internal NSA document from government leaker Edward Snowden shows the cyber assaults may have had an unintended consequence — showing Iran how it was done.

The Intercept on Tuesday published the NSA memo, developed for a 2013 meeting with the surveillance agency’s British counterpart, the Government Communications Headquarters (GCHQ).

“Iran, having been a victim of a similar cyberattack against its own oil industry in April 2012, has demonstrated a clear ability to learn from the capabilities and actions of others,” the document said.

It’s believed Iran in late 2012 was behind a destructive cyberattack against Saudi Aramco, the world’s largest oil producer. The digital hit wiped data from over 30,000 computers.

The NSA thinks the Iranians might have picked up some of its tactics for the incident from examining the western cyberattacks earlier that year.

“Iran’s destructive cyber attack against Saudi Aramco in August 2012, during which data was destroyed on tens of thousands of computers, was the first such attack NSA has observed from this adversary,” the document said.

Tehran has quickly joined the ranks of the world’s major cyber powers. Experts say the country is rapidly closing the gap between itself and the U.S., China and Russia.

But ongoing discussions to restrain Iran’s nuclear program have caused the country to limit some of its more aggressive cyberattacks targeting the U.S.