The Iranian government has promised "forceful revenge" in response to the U.S. airstrike that killed its top military commander Qassem Soleimani. In wake of the deadly attack, the U.S. is bracing itself for possible reprisal attacks. However, it remains unclear how and when the Iranians will retaliate.
"[Soleimani's] departure to God does not end his path or his mission," Ayatollah Ali Khamenei said in a statement on Friday, "but a forceful revenge awaits the criminals who have his blood and the blood of the other martyrs last night on their hands."
Though Iran has limited military capabilities, it could take retaliatory action in a number of ways, such as using its ballistic missiles to target U.S. military bases in the region; direct its network of militia proxies to attack U.S. citizens and businesses; or call on its army of hackers to strike U.S. infrastructure. According to experts, the latter is much more likely than traditional warfare.
"Soleimani was an extremely significant figure, and Iran will likely use any assets at its disposal to retaliate in a way that won’t spark an all out war," Jake Williams, a former NSA hacker currently with Rendition Infosec, told Mother Jones. "I would expect to see destructive cyberattacks in at least a few networks where Iranian government hackers already have a presence."
In June 2019, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency said it was "aware of a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies." The department issued a statement that specifically pointed to the hackers' use of malware that deletes data from a computer.
"Iranian regime actors and proxies are increasingly using destructive 'wiper' attacks, looking to do much more than just steal data and money," CISA director Chris Krebs said in the statement. "These efforts are often enabled through common tactics like spear phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network."
Krebs reiterated the warning on Friday, as U.S. officials continued to assess Iran's next step.
The Iranians have carried out a series of cyberattacks on American targets over the last decade. Mother Jones points out that in 2010, it was revealed that an Iranian nuclear research site had been hit with computer virus known as Stuxnet. The worm aimed to derail Iran's nuclear program by destroying hundreds of uranium enriching centrifuges. It is believed that virus was developed by the US and Israeli intelligence.
About two years after Stuxnet was discovered, Iranian state-backed hackers began launching a series of cyberattacks on U.S. banks, the New York Stock Exchange, and NASDAQ in response to U.S. sanctions. In 2014, the hackers took aim at the Sands Casino in Las Vegas, reportedly causing more than than $40 million in damage.
"After Stuxnet, they built up multiple units across government and proxies, including the Quds that Soleimani led," Peter Singer, a cybersecurity-focused strategist at the New America Foundation, told Wired. "Those forces aren't equal to those of the U.S., certainly, but they have the capability to cause serious damage, especially if they're not worried about attribution, which they may indeed now want."
On Saturday night, a group claiming to be Iranian hackers took credit for defacing the home page of the U.S. Federal Depository Library program. The site featured an image of a bloody-faced Donald Trump being punched by the Islamic Revolutionary Guard fist.
"We are aware the website of the Federal Depository Library Program (FDLP) was defaced with pro-Iranian, anti-US messaging," Sara Sendek, a spokesperson for DHS' Cybersecurity and Infrastructure Security Agency, told CNN. "At this time, there is no confirmation that this was the action of Iranian state-sponsored actors. The website was taken off line and is no longer accessible. CISA is monitoring the situation with FDLP and our federal partners."
President Trump also addressed Iran's vow to take revenge on Twitter, claiming the U.S. military was ready to fire back at 52 culturally significant Iranian sites.