Hackers linked to Iran are probing American companies for vulnerabilities, cybersecurity researchers and U.S. government officials say.
The warnings suggest that the next phase of hostilities between the U.S. and Iran, following the Jan. 3 killing of a top Iranian general in an American drone strike, is likely to play out in cyberspace.
The Iranian regime is accused of being behind some high-profile online operations against American targets in recent years.
Between 2011 and 2013, hackers targeted big American banks including JPMorgan Chase, Bank of America and Capital One. They flooded the banks' computer networks with traffic, knocking them offline and costing millions of dollars in lost business.
In 2018, a ransomware attack crippled the city of Atlanta, leaving police officers to write reports by hand and city workers punching in and out with time clocks.
In both cases, Iranian nationals were ultimately indicted.
In one of the most high-profile cases, hackers destroyed data on computers at the Sands casino in Las Vegas after its billionaire owner, Sheldon Adelson, called for a nuclear strike on Iran.
Iran's investment in its cyber army dates back to 2010, the year a powerful computer worm called Stuxnet infected an Iranian nuclear facility. The U.S. and Israel are believed to have been behind the attack, although neither country has ever acknowledged responsibility.
Stuxnet destroyed critical equipment and set back Iran's nuclear ambitions.
"As a result of the impact that Stuxnet had on the Iranian enrichment program, they formed, funded, trained and attached to their warfighting capabilities a very strong cybercapability," said Jordan Mauriello, senior vice president of managed security at cybersecurity firm CriticalStart.
Stuxnet hurt Iran, but Mauriello and other experts say it also demonstrated to the country's leaders the power of digital weapons to level the playing field against the military superiority of the U.S.
Iran has created teams of cyberwarriors inside the Revolutionary Guard Corps, its elite military wing. But Iran also relies on proxy groups and hackers aligned with its goals.
In the weeks since a U.S. airstrike killed Iranian general Qassem Soleimani, nationalist "hacktivists" are suspected of defacing a U.S. government website with pro-Iran messages.
Cybertools enable "asymmetric" attacks by inflicting economic or reputational damage, said Kara Frederick, a fellow at the Center for a New American Security.
"Cyber allows them to compete at a level of parity that they don't have in the physical world," she said.
Iran has also used these tactics against other foes, including Saudi Arabia. U.S. officials blame Iran for wiping out data on three-quarters of computers at Aramco, the kingdom's giant oil company, in 2012.
While the threat of military escalation between the U.S. and Iran appears to have eased in recent days, U.S. government officials and security researchers are warning companies to be on the alert for cyberattacks.
"Right now what we're seeing instead is a huge increase in reconnaissance activity," Mauriello said. "Specifically looking for potentially vulnerable servers, data gathering. ... They're kind of preparing the battle plan in the cyberspace."
The new @DHSgov NTAS Bulletin on the threat landscape was issued to inform & reassure the American public, state/local governments & private partners that DHS is actively monitoring & preparing for any specific, credible threat, should one arise. pic.twitter.com/iNnHU1TI9A
— Acting Secretary Chad Wolf (@DHS_Wolf) January 4, 2020
Earlier this month, Texas Gov. Greg Abbott said agencies in his state have seen an increase in attempted computer intrusions attributed to Iran.
The Department of Homeland Security has also warned that Iran may retaliate for Soleimani's death with cyberattacks ranging from defacing websites to destroying data.
Iran's activities have shown its ability to cause financial harm and embarrassment. However, experts say a more serious cyber intrusion into critical U.S. infrastructure, like electrical grids, would take more time and effort.
"Cyber is not a magic button, meaning that it takes many months of planning to achieve a specific outcome," said Oren Falkowitz, a former National Security Agency analyst who is the CEO of Area 1 Security.
Iran is not alone in amping up its cybercapabilities. Researchers say Russia and China present the biggest threats to American targets.
And the U.S. has its own digital weapons to use against adversaries.
Copyright 2020 NPR. To see more, visit https://www.npr.org.