What does the Killing of Qassim Soleimani mean in cyber terms?
Last night President Trump took decisive action against Iran's top terror-spreading general, killing IRGC commander Qassim Soleimani, the man responsible for the deaths of many Americans and for spreading more evil than any one person can measure. Soleimani was the head of all of Iran's nefarious activities, from both a terror and a cyber perspective.
The initial reaction has been what one would expect: vows of revenge from Iran, its allies and its proxies, and a clear message from President Trump and the US that drew a red line and let the Iranian regime understand that the US won't idly stand by and let Iran attack US forces and embassies without retaliation. These are different times, with different strategies for dealing with active threats against US interests.
The tightening of the sanctions on Iran and the designation of the IRGC as a terror organization ensured that Soleimani was spearheading all activities and illicit funding for the continued operation of the Iranian regime. All cyber and terror activities were headed and sanctioned by Soleimani himself. He was the number two and a close confidant of Ayatollah Khamenei, and this is a loss that won't soon be recovered from in Iran.
What does this mean from a cybersecurity perspective?
Iran was a known perpetrator of cyber-attacks against US national interests, businesses, and educational facilities. No attack was planned and executed without Soleimani being at the table green-lighting it. No APT in Iran exists without the IRGC knowing about it and giving it the tools needed to operate in cyberspace.
The death of Soleimani will likely ignite an uptick in cyber-attacks against US interests and allies. This won't be anything new; however, the long-term effect of this action will likely be positive. Powerful leaders aren't easily replaced, and their loss tends to bring a split in the lower ranks, causing internal rifts that lead to loss of focus and a long-term decrease in the effectiveness of Iranian APT groups.
As cybersecurity practitioners, now is the time to remember the TTPs of Iranian APTs. Contact your local CISO representative and ensure you have a direct line of communication for any alerts. Furthermore, while we all suffer from alert overload, now is the time to really look at each alert, review it properly, and not dismiss any.
Iran will look to counter this move with something symbolic. As many of you are aware, President Trump changed the game in 2019 when Iran downed a US drone and President Trump responded with a massive cyber-attack that took down Iranian air defenses, changing the paradigm. The question we are all asking ourselves today is: what will be the Iranian response?