Opposition Groups Launch Cyberattacks against Iran



Politically motivated cyberattacks launched by Iranian opposition groups are on the rise. The attacks expose Iran’s vulnerability to hackers, represent a major breach of its security and intelligence apparatuses, and embarrass its government which tries to keep a tight  lid on information leakages.

Iran’s online petrol distribution network was hacked last year, paralyzing   fuel stations across the country. Other cyberattacks have targeted Iran’s railway networks, and hackers leaked video footage showing how prison guards had tortured and mistreated inmates.

On January 27, Iran’s government was caught off guard when state-controlled television channels broadcasted dissident calls for Supreme Leader Ayatollah Ali Khamenei’s death and showed images of dissident leaders Masoud and Maryam Rajavi. Both are leaders of the exiled opposition group, the Mujahedin Khalq Organization (MKO).

Similar hacking incidents this year involved the streaming of videos into the Tehran and Mashhad bazaars in support of MKO. In the Mashhad bazaar, the videos featured chants calling for Khamenei’s death and curses against Khomeini.

In March, the Iranian disciplinary police force said it had identified individuals who had helped the MKO stream anti-regime propaganda that  called for  Khamenei’s death through loudspeakers in Shahriar, a semi-rural community on the outskirts of  Tehran. According to the police, plans were also underway to stream similar messages across Shahriar.

Tehran blamed dissidents backed by hostile foreign governments for the cyberattacks. But MKO leaders denied hacking for 10 seconds  state-run television programs, although they confirmed that MKO supporters inside Iran may have carried out the hacks.

Clearly, Iran’s outdated software and hardware systems  are increasingly vulnerable to hacking. But to rub salt into the wound, the  US-Israeli cyber security provider Check Point revealed the technical details regarding  the hacking of Iranian infrastructure since  last year. It said  the hacking was done using relatively low quality tools, and suggested that insider help  enabled the hacks.

In response to increased opposition propaganda, Iran advanced a bill to monitor and control the internet. A draft bill was in fact first proposed in 2018 but faced domestic opposition which delayed its ratification. Internationally, UN human rights experts issued a statement demanding Iran  not to pass the bill, given the fact that there is concern that if passed, the government  will launch a mass crackdown on opposition groups and protestors as it did  during the nationwide anti-government protests between 2017 and 2019.   Moreover, these experts fear that the bill, if implemented, will weaken oversees monitoring of any abuses taking place against opposition groups and protesters.

Iran’s Parliament finally ratified the general framework of the bill recently and labeled it the “Plan to Protect the Virtual Space” But given the national opposition to the bill, it was sent back to the Parliament for a second review.  Over a million signatures were collected inside Iran last year to reverse the bill. The ratification was nullified, despite the insistence by parliamentarians to implement the bill to preempt future nationwide protests.

Then on March 4, the internet was disrupted in Tehran and  its surrounding areas once again. The government blamed the disruptions on fires and technical problems. Many in Iran saw the problem resulting from the steps to control cyberspace. A new parliamentary draft bill now threatens to limit access to social media in Iran, including  platforms with large numbers of users  such as WhatsApp and Instagram. The bill will also limit business transactions  through apps with foreign financial or banking entities.

Most Iranians complain that substitute apps set up by national companies in Iran are of poor quality and service, and hardly user friendly. Internet speeds are also slow across the country, leading to protests in recent months, with Iranians demanding   quicker access.  In fact, bandwidths are unbelievably underdeveloped in Iran on purpose  to slow down Iranian access  to international sources of information.

As fears grow in Iran about a cyberwar with the ever more vocal anti-regime opposition abroad, along with the hacking of vital Iranian infrastructure, Tehran is busy setting up new cyberwarfare units to collect data and intelligence.  In 2021, the Quds Force set up a cyberwarfare unit for its ally  Hezbollah to spy on Lebanese citizens opposed to the group’s   activities.

Microsoft has already released a statement warning governments and private entities of the growing activities carried out by Iranian hackers around the world. But Iran itself is falling victim to a hacking spree by opposition groups that are politically motivated and have insider information of how to hack to the country’s vital assets and infrastructure.  This new era of cyber conflicts is likely to continue and grow in potency and adds an important dimension to opposition groups’ toolkit in their fight against the Iranian establishment. Without updating its technology, Iran is likely to face further cyberattacks, which might threaten the survival of the system, particularly if they take out critical infrastructure and paralyze vital state organs.

Editorial Team