The killing of Qassem Soleimani by the U.S. on Jan. 3 resulted in widespread speculation that Iran would retaliate with a forceful cyber attack, especially given its recent prodding of the U.S. electric grid. The FBI and Department of Homeland Security both issued warnings of a possible Iranian cyber attack. Iran has historically carried out retaliatory or punitive cyber attacks in response to foreign aggression, but it has become more reticent and strategic in its targeting in recent years. Thus far, the only malicious cyber activity connected to the killing has been a handful of website defacements — unsophisticated, low-impact attacks that could easily have been carried out by independent patriotic hackers or hooligans.

The Saudi National Cybersecurity Authority has published a technical report describing a new, apparently Iran-originated malware named “Dustman” that was executed on Dec. 29, 2019, but the malware appears not to be linked to the recent U.S.-Iran escalation: it was detonated prior to both the attack on the U.S. Embassy in Baghdad and the killing of Soleimani. ZDNet later reported that the target of the attack was Bapco, Bahrain’s national oil company, and that its impact was relatively limited.

As the dust begins to settle on the Soleimani flashpoint in U.S.-Iran tensions, the fear of an imminent Iranian cyber attack appears to be subsiding. However, Iran’s continued development of cyber capabilities and prodding of critical infrastructure targets remain serious risks. Tehran’s expanding disinformation capabilities and its cyber targeting of Donald Trump’s reelection campaign also make the specter of interference in the 2020 U.S. election quite grave. The Iranian pattern of “strategic patience” has evidently transferred to its cyber activity, justifying vigilance, but not panic.


Michael Sexton is a Fellow and the Director of MEI's Cyber Program.
