top of page

The Growing Threat of Iranian Cyber Capabilities

Team: Extremism

Week of: March 22

The Iranian government is making a concerted effort to increase its cyber capabilities to reach geopolitical goals. Some of these capabilities include software that collects personal information, as well as hacking into large financial corporations. These efforts fall under direct government supervision and non-government associated companies such as subcontractors or civilian individuals. The ramifications that follow Iranian cyber capabilities should be closely monitored, especially due to the growing ransomware and identification theft attacks that are becoming profitable for Iranian hackers. With a higher motivation due to the increasing profitability of cyber-attacks, more people will likely participate or begin to fall under the payrolls of more malicious entities like terrorist groups. There is a high likelihood cyber attacks conducted by the Iranian government or subcontractors will continue to occur shortly.

Cryptocurrencies such as Bitcoin have increased the motivation for hackers to join the Iranian government or subcontracted companies to conduct regionally interested attacks, much like the recent attacks in Iraq.[1] Cryptocurrency makes participation in cyberattacks more accessible since blockchain is not a centralized form of currency issued by the state. Therefore, cyberattacks have increased as paying the individuals or companies to conduct these attacks quickly becomes less transparent and difficult to track.

There have been recent cyber attacks conducted by Iranian hackers, indicating that the Iranian government and/or subcontractors have begun to use cyber capabilities against other countries.[2] Considering the growing number of cyberattacks on the U.S., there is a high likelihood that U.S. allies are also being targeted. Iraq has fallen victim to Iranian-backed cyber attacks recently that have been carried out by proxy paramilitary groups.

Iranian-backed paramilitary groups such as the Popular Mobilization Forces (Hashd al-Shaabi, PMF) are conducting assassinations and kidnappings of Iraqi journalists who are openly criticizing Iran and its foreign policies.[3] Freedom of the press has always been an issue in Iraq, but due to the growing influence of Iranian powers, there has been an ever-increasing number of journalists who are either imprisoned in secret or killed for posting media that is openly critical of Iranian goals in the country.

Since October 2019, more than four Iraqi journalists have been killed.[4] One of the most recent killings took place on January 10th, 2020. Ahmed Al-Samaad was killed in Basra, Iraq, for criticizing Iranian influence in a video that circulated quickly through Facebook, as seen below. The support paramilitary groups like the PMF have received from Iran for suppressing free speech is emblematic of that of the Iranian media itself, where press freedom is extremely regulated by government news sources. Freedom of the press in Iraq could be one of many tangents that Iran is attacking to reach political goals. With no action from the Iraqi government, other branches of the state could be breached. Since this attack occurred, the Iraqi government has acknowledged and condemned the murder of Al-Samaad, but has put forth no further plans to reduce further attacks on the Iraqi press.

A Facebook video posted by Ahmed Al-Samaad in Basra, Iraq, January 2020[5]

The PMF, among other paramilitary organizations supported by Iran, has been provided with new cyber capabilities that the Iranian government can use to their advantage. The paramilitary groups possess a variety of software that allows personal information to be stolen from electronics owned by journalists or any individual against Iranian objectives. Given that there is no “safety net” for journalists in Iraq, this software has proven useful in finding their locations, and any other activists who may support them.[6] Journalists and activists alike have been protesting for over a year now over the extrajudicial kidnapping, imprisonment, and killing of journalists who are openly criticizing Iranian and Iraqi politics. While many countries have been paying attention to Iran’s growing cyber capabilities with concern, the toll of these capabilities has directly impacted Iraq’s press freedom. This will likely continue until the Iraqi government provides a safety net for its journalists who would otherwise be in danger of being kidnapped, imprisoned, or killed. This software is likely to fall into the hands of terrorist groups if it has not already. Given this possibility, governments must track the use of this software to prevent new groups of people from being targeted in the future. If these new forms of software are tracked effectively by targeted governments and their allies can prevent data breaches and ransomware attacks that would otherwise deter national security agendas.

The Counterterrorism Group (CTG) will continue monitoring Iranian cyber capabilities. CTG assesses there is a high likelihood that cyberattacks will continue to be carried out on both the U.S. and its allies in the near future. To aid in the prevention of any targeted cyber attacks, the Counterterrorism Group advises that all technological software be kept up to date to reduce any vulnerabilities to pertinent data.

_______________________________________________________________________ The Counterterrorism Group (CTG)

[1] Forget Russia--Iranian Hackers Behind Malicious New Cyber Attacks, Warns New Report, Forbes, November 2020,

[2] Iran Conflict Could Shift To Cyberspace, Experts Warn, NPR, January 2020,

[3] CISA Warns of Iran’s Offensive Cyber Capabilities, Nextgov, December 2020,

[4] Iran-Backed Irawi Militia’s War Against Press Freedom, The National News, January 2020,

[5] Random Arrests by Demonstrators by Shock Forces in Basra, Facebook, January 2020,

[6] Iran-Backed Iraqi Militia’s War Against Press Freedom, The National News, January 2020,



bottom of page