In Shadow of Ukraine-Russia Cyberwar, Iranian Hackers Go on the Offensive

The FBI, NSA and U.K. cyber authorities warn of Iranian government-sponsored hackers ‘conducting cyber espionage’ against targets across the world

Omer Benjakob
Omer Benjakob
Send in e-mailSend in e-mail
Iranian President Ebrahim Raisi delivers a speech in Tehran, in January.
Iranian President Ebrahim Raisi delivers a speech in Tehran, in January.Credit: ATTA KENARE / AFP
Omer Benjakob
Omer Benjakob

As the Russian invasion of Ukraine spilled over into the cyber realm, Iranian hackers affiliated with the country’s military intelligence have launched a global cyber espionage campaign, the U.S. and the U.K. said in a rare warning issued over the weekend.

Ukraine has been hammered by digital intrusions and denial-of-service attacks both in the run-up to and during the Russian invasion, Reuters reported over the weekend. Britain and the United States said Russian military hackers were behind a spate of DDoS attacks last week that briefly knocked Ukrainian banking and government websites offline before the Russian invasion. Russia has denied the allegations.

Meanwhile, the U.S. and the U.K. also issued warnings against a group of Iranian hackers known as MuddyWater. In January, the U.S. Cyber Command confirmed what Israeli cyber researchers have long claimed: that MuddyWater is operating on behalf of Iran’s Intelligence and Security Ministry and the Iranian Revolutionary Guard Corps.

The group has been active since at least 2015, using different names, and has targeted victims from Israel, Saudi Arabia, Jordan, the UAE as well as others in Asia. Their hacking efforts run the gamut of cyberespionage, offensive attacks, influence operations and even cybercrime, which was used to conceal their true intentions.

Over the weekend, the American CISA, NSA, FBI, and Cyber Command issued a joint statement with the United Kingdom’s National Cyber Security Centre, detailing malicious cyber operations by Iranian government-sponsored” hackers known as MuddyWater.

“MuddyWater is conducting cyber espionage and other malicious cyber operations as part of Iran’s Ministry of Intelligence and Security (MOIS), targeting a range of government and private-sector organizations across sectors—including telecommunications, defense, local government, and oil and natural gas—in Asia, Africa, Europe, and North America,” the statement said.

Though Israel and Iran have long been engaged in a proxy cyber war, Russian aggression in the Ukraine has pushed the cyber front to center stage as the former tried to leverage the digital arena for its offensive military ends. In response, Reuters reported on Thursday that the Ukrainian government has called for volunteers from the country's hacker underground to help protect critical infrastructure and cyber-spy on Russian troops.

On Saturday, Ukrainian officials said the country will create an "IT army" to fight against Russia's digital intrusion. "We are creating an IT army," Vice Prime Minister Mykhailo Fedorov wrote Saturday in a Tweet that linked to a channel on the Telegram messaging app which published a list of prominent Russian websites.

"There will be tasks for everyone. We continue to fight on the cyber front. The first task is on the channel for cyber specialists," he tweeted. The Telegram channel listed the websites of 31 major Russian businesses and state organizations including energy giant Gazprom, Russia's second-largest oil producer Lukoil, three banks and a handful of government websites., the official website of the Kremlin and the office of Russian President Vladimir Putin, was taken offline on Saturday in an apparent distributed denial of service (DDoS) attack.

Tensions have also spilled over into Israel, whose tech scene and cyber firms are home to thousands who have family in either Russia or Ukraine. Israeli tech also employs roughly 15,000 Ukrainians remotely and tensions are running high as tech firms scramble to relocate their workers and provide support for those who have remained in the country.

There are also concerns Israeli firms with a presence in the country or supplying it with services will also be targeted or pulled into the fray. On cyber forums over the weekend, some voiced concerns that Israelis with ties to Ukraine may also volunteer and use their cyber skills to heed the country’s call to digital arms, however no such case has yet been reported.

Reuters contributed background to this report.

Click the alert icon to follow topics:



Automatic approval of subscriber comments.
From $1 for the first month

Already signed up? LOG IN


The Orion nebula, photographed in 2009 by the Spitzer Telescope.

What if the Big Bang Never Actually Happened?

Relatives mourn during the funeral of four teenage Palestinians from the Nijm family killed by an errant rocket in Jabalya in the northern Gaza Strip, August 7.

Why Palestinian Islamic Jihad Rockets Kill So Many Palestinians

בן גוריון

'Strangers in My House': Letters Expelled Palestinian Sent Ben-Gurion in 1948, Revealed


AIPAC vs. American Jews: The Toxic Victories of the 'pro-Israel' Lobby

Bosnian Foreign Minister Bisera Turkovic speaks during a press conference in Sarajevo, Bosnia in May.

‘This Is Crazy’: Israeli Embassy Memo Stirs Political Storm in the Balkans

Hamas militants take part in a military parade in Gaza.

Israel Rewards Hamas for Its Restraint During Gaza Op