by Claudio Guarnieri & Collin Anderson
Over the past decade, the Islamic Republic of Iran has been targeted by continual intrusion campaigns from foreign actors that sought access to the country's nuclear facilities, economic infrastructure, military apparatus, and governmental institutions for the purpose of espionage and coercive diplomacy. Similarly, since the propagandistic defacements of international communications platforms and political dissident sites conducted by an organization describing itself as the "Iranian Cyber Army" beginning in late 2009, recurrent campaigns of intrusions and disruptions against private companies, foreign government entities, domestic opposition, regional adversaries and international critics have been attributed to Iranian actors. The intent of these computer network operations (CNO) is not always discernible from the tactics used or the data accessed, as the end implications of the disclosure of particular information are often distant and concealed. Where such intent is evident, the reasons for Iranian intrusion campaigns range from retaliation against adversaries, as a result of identifiable grievances, to surveillance of domestic opposition in support of the Islamic Republic establishment. Iranian intrusion campaigns have also reflected an interest in internal security operations against active political movements that have historically advocated for the secession of ethnic minority provinces or the overthrow of the political establishment through violence. However, Iranian intrusion sets appear to be primarily interested in a broader field of challenges to the political and religious hegemony of the Islamic Republic. Previous reports on Iranian campaigns have referred to the targeting of Iranian dissidents. In practice, however, those targeted range from reformists operating within the establishment inside Iran to former political prisoners forced out of the country.
Across the records of hundreds of intrusion attempts in campaigns conducted by distinct sets of actors, clear patterns emerge in the types of individuals and organizations targeted by Iranian actors in internal security operations: high-profile individuals and organizations, such as journalists, human rights advocates or political figures, with extensive relationships and networks inside Iran; members of the diplomatic establishment of Iran, and former governmental officials under previous administrations; adherents to non-Shia religions, participants in ethnic rights movements, or members of anti-Islamic Republic political organizations; academics or public policy organizations critical of the Iranian government; cultural figures that promote values contrary to the interpretation of Islamic values promoted by the establishment; organizations fostering international collaboration and connections with the current Iranian administration; and international organizations conducting political programmes focused on Iran through funding by governmental agencies. In this presentation we will analyze in depth the results of several years of research and investigation into the intrusion activities of Iranian threat actors, particularly those engaged in attacks against members of civil society.