For four days in early December, Iran’s top university ground to a halt. Web-conferencing software for COVID-constrained classes didn’t work. Faculty and students couldn’t access their records.
It was the latest round of attack in the low-level but escalating cyberhostilities between Iran and its adversaries, especially Israel, which have exchanged tit-for-tat hacks in a long-running shadow campaign of mutual destabilization. But the hit on the University of Tehran and other incidents like it represent a shift, experts say, from the regular targeting of military and nuclear sites toward a full-fledged cyberwar on civilian infrastructure.
“That’s an important distinction about cyberconflicts — they generally affect civilians and get the private sector,” said John Hultquist, vice president of intelligence analysis at the U.S. cybersecurity firm Mandiant.
“They’re not about military objectives. … The government is often not the audience for a lot of these incidents.”
The expansion of the Middle East cyberbattlefield comes as Iran improves defense of its controversial nuclear program, said Maysam Behravesh, a research associate at the Netherlands-based Clingendael institute who was an intelligence analyst and foreign policy advisor for Iran’s Ministry of Intelligence and Security from 2008 to 2010.
“Given that Iran’s nuclear facilities have spread all over the country and attacking the program has become much more complicated, Israel has adopted a new approach — conducting massive cyberattacks on sensitive civilian targets like dams, gasoline stations and power plants to foment nationwide riots with the objective of toppling the regime or keeping the rulers busy with day-to-day, endless riots,” Behravesh said.
Besides the University of Tehran attack earlier this month, Iran’s second-largest airline, Mahan Airlines, got hacked in November, its website made inaccessible. A large-scale hack in October disabled pumps at 4,300 gas stations across the country.
In August, a hacker group called Edalat-e…