Microsoft Threat Intelligence has reported that 24 malicious cyber operations aimed at promoting Iran's political agenda in the Middle East were recorded in 2022. The operations were carried out by digital criminals from Iran and targeted Israel, the USA, the UAE, and Saudi Arabia. The main goals were to support the Palestinian resistance, incite riots in Bahrain, undermine current efforts to normalize relations between Israel and Arab states, terrorize Israeli citizens, and suppress internal protests in Iran.
Most of the influence activity is attributed to the Iranian IT organization Emennet Pasargad, which is monitored under the pseudonym Cotton Sandstorm. In 2020, the group hacked an unnamed American government website relating to that year’s election. Third-party intervention meant the damage was avoided, but Emennet Pasargad was still the subject of sanctions.
Similar malware campaigns by various Iranian groups often include both espionage operations and destructive attacks. Microsoft researchers point out that groups associated with Iran are increasingly turning to information operations as part of their cyber strategy. This may be the result of a retaliatory campaign conducted against Iranian targets by Israeli or American organizations.
Microsoft believes that Iranian cyber attacks and information operations will continue to occur, with little change in tactics or methods. These attacks are deemed effective by the Iranian government.