2 May 2023

Microsoft Threat Intelligence issued a report assessing that “Iran continues to be a significant threat actor, and it is now supplementing its traditional cyberattacks with a new playbook, leveraging cyber-enabled influence operations (IO) to achieve its geopolitical aims. Microsoft has detected these efforts rapidly accelerating since June 2022”. “These operations remain focused on Israel, prominent Iranian opposition figures and groups and Tehran’s Gulf state adversaries”, it noted. “Iran directed nearly a quarter (23 per cent) of its cyber operations against Israel between October of 2022 and March of 2023, with the U.S., United Arab Emirates and Saudi Arabia also bearing the brunt of these efforts… The goals of its cyber-enabled IO have included seeking to bolster Palestinian resistance, fomenting unrest in Bahrain, and countering the ongoing normalisation of Arab-Israeli ties, with a particular focus on sowing panic and fear among Israeli citizens”. The report also predicted that “that future threat of increasingly destructive Iranian cyberattacks remains, particularly against Israel and the U.S., as some Iranian groups are likely seeking cyberattack capabilities against industrial control systems. Iranian cyberattacks and influence operations are likely to remain focused on retaliating against foreign cyberattacks and perceived incitement of protests inside Iran”.

Subscribe to Crisis Group’s Email Updates

Receive the best source of conflict analysis right in your inbox.