cyberconflict

Iran first connects to the Internet.

1994 KSA first connects to the Internet, for citizens only since 1999.

Internet access becomes increasingly common, with hundreds of thousands of Iranians and Saudis going online on a regular basis

The Supreme Council of the Cultural Revolution in Iran issues rules on internet access, including mandatory filtering and surveillance of sites considered politically, culturally, and religiously subversive.

The hacking forum Ashiyane is created, serving as a catalyst for Iran’s hacking community and later implicated in facilitating the Iranian government’s repression of dissidents.

Sina Motalebi is arrested, one of the first bloggers in the world arrested for their online writings, commencing a crackdown on internet expression.

Iranian threat actors begin to develop tools and conduct campaigns.

The contested reelection of Mahmoud Ahmadinejad provokes Iran’s largest popular uprising since 1979, known as the Green Movement.

The Iranian Cyber Army defaces Twitter—taking it offline for several hours—in response to the Green Movement. Twitter’s homepage was hacked and defaced.

The “Stuxnet” computer virus, allegedly developed by Israel and the United States, was detected in computers at the Bushehr nuclear power plant. By September, 30,000 computers across at least 14 facilities—including the Natanz facility—were reportedly infected. The virus caused the engines in IR-1 centrifuges to increase their speed and eventually explode. At least 1,000 centrifuges of the 9,000 installed at Natanz were destroyed, the Institute for Science and International Security estimated.

Iran said it had contained “Duqu”, the third virus aimed at disrupting Iran’s nuclear program. Duqu used programming code that was also used in the 2010 Stuxnet attack.

An Iranian hacker breaches Dutch security firm DigiNotar, allowing the Iranian government to spy on Gmail users in Iran. This remains one of the largest security breaches in the history of the internet.

Iran discovered the “Wiper” malware erasing the hard drives of computers owned by the oil ministry and the National Iranian Oil Company. “Wiper” appeared to be similar in design to Duqu and Stuxnet, thought to have been developed by Israel and the US.

Iran announced that a virus dubbed “Flame” had infected government computers and had tried to steal government data. Israel and the US had deployed the Flame virus to collect intelligence and to prepare for a wider cyberwarfare campaign, The Washington Post reported. In Israel, Vice Prime Minister Moshe Yaalon did not confirm the nation’s involvement but acknowledged that Israel would use “all means... to harm the Iranian nuclear system.”

The “Madi” malware agent, the first Iranian-attributed espionage cyber campaign, is disclosed.

Saudi Aramco, the world’s largest oil company, has data destroyed by the malware agent Shamoon. The “Shamoon” virus erased three-quarters of all corporate computers owned by Saudi Aramco and replaced the data with an image of a burning American flag. U.S. officials blamed Iran for the cyberattack. Saudi Aramco Paid $50 Million Ransom After Data Leak.

The cybersecurity company ClearSky discovered a widespread “phishing” operation targeting over 500 academic researchers in Israel, Saudi Arabia and other Middle Eastern countries. The cyberespionage dated as far back as 2011 and was linked to Iranian interests.

Cyber-attacks against Saudi Arabia are renewed in Shamoon 2. The Shamoon virus resurfaced in Saudi Arabia, according to Symantec. An updated Shamoon virus targeted Saudi government computer systems at petrochemical plants.

A failed cyber-attack attempted to trigger an explosion at a Saudi petrochemical company.

Saudi government bodies detected a cyberattack planned on Saudi Arabia’s critical structure. The “Dustman” malware, permanently deleting data stored on disks, was used during the attack. According to CyberScoop, whose article bases its assumption on the political situation, the similar manners in which the attacks were carried out and the traces left, the responsible party was the Iranian hackers.

Saudi Arabia was victim of an unsuccessful espionage campaign led by the Iranian entity Chafer APT. It was directed at the Saudi critical infrastructure, and in particular at the telecommunication and tourism sectors that store a significant amount of personal data, as well as at the government administration. The purpose was, among others, to gather data on credentials for espionage purposes.

An Iranian cybergroup known as Phosphorus targeted attendees of the Munich Security Conference and the Think 20 Summit in Saudi Arabia, according to Microsoft. The hacker group sent fake invitations to attendees. It successfully comprised the accounts of "former ambassadors and other senior policy experts" before Microsoft detected the attacks.

Microsoft announced that Iran had been “rapidly accelerating” cyberattacks since mid-2022. The series of the most sophisticated Iranian cyberattacks in history.