IT Brief US - Technology news for CIOs & IT decision-makers

Cybersecurity on alert as Iran shifts to disruptive digital attacks


Amid rising geopolitical tensions following Israeli airstrikes on Iranian military and nuclear sites, concern is mounting within cybersecurity circles over the prospect of retaliatory cyber campaigns by Iranian actors.

Recent events, such as the high-profile attack on Nobitex, Iran's largest cryptocurrency exchange, have highlighted the escalating use of cyber operations as instruments of both political messaging and practical disruption.

The attack on Nobitex, attributed to a group known as Gonjeshke Darande, drew global attention not only due to the scale of losses but for its apparent aim to damage Iran's financial infrastructure and tarnish the regime's reputation.

In her recent analysis, Lidia López Sanz, Strategic Research Lead at Outpost24, emphasised the unusual nature of the incident. "It is very unusual to see millions of dollars' worth of cryptocurrency burned with the sole purpose of causing disruption and making a political statement," she said. Contrasting this with previous cyberattacks by groups such as the North Korean Lazarus Group, López Sanz noted, "Those had mainly a financial gain motivation. In this case, Gonjeshke Darande appears to have chosen to not steal the funds for profit, in order to deliver a stronger message."

The timing of the hack – in the immediate aftermath of military strikes and amidst Iranian retaliation – underscores its symbolic significance. The deliberate sabotage of millions in digital currency, rather than seeking enrichment, signals a shift in the priorities of state-aligned hacking. Politically motivated cyber incidents are increasingly designed to inflict reputational and economic harm on hostile governments, as well as to communicate resolve to domestic and international audiences.

In the United States, vigilance has been heightened. Tom Pace, former head of cybersecurity for the Department of Energy and now CEO of NetRise, highlighted the rapid mobilisation among Chief Information Security Officers (CISOs) in preparation for potential Iranian retaliation.

"CISOs are moving quickly to prepare… by tightening access controls, validating backups, and watching for TTPs [tactics, techniques, procedures] tied to groups like APT33 and APT34, which are linked to Iran," Pace observed. He stressed that coordination with Information Sharing and Analysis Centres (ISACs) and federal partners is crucial for maintaining up-to-date awareness of threat intelligence and evolving attack patterns.

According to Pace, this moment underscores the urgency of visibility across digital environments: "This reinforces the urgency of visibility to know what code is running where, what it's connected to, and whether it's vulnerable or end-of-life. Software supply chain security is no longer an abstract concept. It's a frontline defence against adversaries who exploit opaque systems." With the threat of custom destructive malware such as wipers, Pace posed a critical question now facing CISOs: "If Iranian actors drop a custom wiper tomorrow, would we know which systems could execute it?"

Iranian cyber actors are expected to focus on exploiting well-known vulnerabilities, especially those in small office and home office (SOHO) routers and outdated infrastructure, with the aim of assembling botnets for disruptive purposes. Pace noted that Iranian strategy diverges from that of China, which tends to pursue intelligence gathering and long-term positioning. In contrast, Iran appears intent on producing conspicuous damage to project strength in the cyber domain. "These targets may be small and incapable of defending themselves and hold little to no strategic value, but Iran needs to have a response that provides the illusion that they are a competent actor on the world stage," he commented.

The events surrounding the Gonjeshke Darande attack and the urgent actions undertaken across the cybersecurity sector illuminate a key trend: the convergence of physical conflict and digital warfare, where attacks are intended not only to extract value, but also to convey political intent and disrupt an adversary's economic foundations. As tensions remain high, organisations worldwide are bracing for further cyber incidents and reassessing their readiness for a new era of hybrid conflict.
