cyberconflict

By Polechka

  • Iran connects to Internet

    Iran first connects to the Internet.

  • KSA connects to Internet

    1994 KSA first connects to the Internet, for citizens only since 1999.

  • Broad Internet access

    Internet access becomes increasingly common, with hundreds of thousands of Iranians and Saudis going online on a regular basis

  • Iran issues rules on internet access

    The Supreme Council of the Cultural Revolution in Iran issues rules on internet access, including mandatory filtering and surveillance of sites considered politically, culturally, and religiously subversive.

  • Hacking forum Ashiyane is created

    The hacking forum Ashiyane is created, serving as a catalyst for Iran’s hacking community and later implicated in facilitating the Iranian government’s repression of dissidents.

  • Iran's first blogger arrest

    Sina Motalebi is arrested, one of the first bloggers in the world arrested for their online writings, commencing a crackdown on internet expression.

  • Start of irenian campains

    Iranian threat actors begin to develop tools and conduct campaigns.

  • Iran Green Movement

    The contested reelection of Mahmoud Ahmadinejad provokes Iran’s largest popular uprising since 1979, known as the Green Movement.

  • Iranian Cyber Army defaces Twitter

    The Iranian Cyber Army defaces Twitter—taking it offline for several hours—in response to the Green Movement. Twitter’s homepage was hacked and defaced.

  • The “Stuxnet” computer virus compromised Bushehr nuclear power plant

    The “Stuxnet” computer virus, allegedly developed by Israel and the United States, was detected in computers at the Bushehr nuclear power plant. By September, 30,000 computers across at least 14 facilities—including the Natanz facility—were reportedly infected. The virus caused the engines in IR-1 centrifuges to increase their speed and eventually explode. At least 1,000 centrifuges of the 9,000 installed at Natanz were destroyed, the Institute for Science and International Security estimated.

  • Iran was contaminated by “Duqu” aimed at disrupting Iran’s nuclear program

    Iran said it had contained “Duqu”, the third virus aimed at disrupting Iran’s nuclear program. Duqu used programming code that was also used in the 2010 Stuxnet attack.

  • Iranian hacker breaches Dutch security firm DigiNotar to spy on Gmail users

    An Iranian hacker breaches Dutch security firm DigiNotar, allowing the Iranian government to spy on Gmail users in Iran. This remains one of the largest security breaches in the history of the internet.

  • “Wiper” malware erased the hard drives of computers owned by the oil ministry and the National Iranian Oil Company

    Iran discovered the “Wiper” malware erasing the hard drives of computers owned by the oil ministry and the National Iranian Oil Company. “Wiper” appeared to be similar in design to Duqu and Stuxnet, thought to have been developed by Israel and the US.

  • “Flame” virus infected Iranian government computers

    Iran announced that a virus dubbed “Flame” had infected government computers and had tried to steal government data. Israel and the US had deployed the Flame virus to collect intelligence and to prepare for a wider cyberwarfare campaign, The Washington Post reported. In Israel, Vice Prime Minister Moshe Yaalon did not confirm the nation’s involvement but acknowledged that Israel would use “all means... to harm the Iranian nuclear system.”

  • “Madi” malware, the first Iranian-attributed espionage cyber campaign

    The “Madi” malware agent, the first Iranian-attributed espionage cyber campaign, is disclosed.

  • “Shamoon” virus erased all corporate computers of Saudi Aramco

    Saudi Aramco, the world’s largest oil company, has data destroyed by the malware agent Shamoon. The “Shamoon” virus erased three-quarters of all corporate computers owned by Saudi Aramco and replaced the data with an image of a burning American flag. U.S. officials blamed Iran for the cyberattack. Saudi Aramco Paid $50 Million Ransom After Data Leak.

  • “Phishing” operation targeting over 500 academic researchers in Saudi Arabia and other Middle Eastern countries

    The cybersecurity company ClearSky discovered a widespread “phishing” operation targeting over 500 academic researchers in Israel, Saudi Arabia and other Middle Eastern countries. The cyberespionage dated as far back as 2011 and was linked to Iranian interests.
  • Period: to

    "Shamoon 2" cyber-attack

    Cyber-attacks against Saudi Arabia are renewed in Shamoon 2. The Shamoon virus resurfaced in Saudi Arabia, according to Symantec. An updated Shamoon virus targeted Saudi government computer systems at petrochemical plants.

  • Failed cyber-attack attempted to trigger an explosion at a Saudi petrochemical company

    A failed cyber-attack attempted to trigger an explosion at a Saudi petrochemical company.

  • “Dustman” malware cyber-attack

    Saudi government bodies detected a cyberattack planned on Saudi Arabia’s critical structure. The “Dustman” malware, permanently deleting data stored on disks, was used during the attack. According to CyberScoop, whose article bases its assumption on the political situation, the similar manners in which the attacks were carried out and the traces left, the responsible party was the Iranian hackers.

  • Espionage campaign led by the Iranian entity Chafer APT at the Saudi critical infrastructure

    Saudi Arabia was victim of an unsuccessful espionage campaign led by the Iranian entity Chafer APT. It was directed at the Saudi critical infrastructure, and in particular at the telecommunication and tourism sectors that store a significant amount of personal data, as well as at the government administration. The purpose was, among others, to gather data on credentials for espionage purposes.

  • Iranian cybergroup "Phosphorus" targeted attendees of the Think 20 Summit in Saudi Arabia

    An Iranian cybergroup known as Phosphorus targeted attendees of the Munich Security Conference and the Think 20 Summit in Saudi Arabia, according to Microsoft. The hacker group sent fake invitations to attendees. It successfully comprised the accounts of "former ambassadors and other senior policy experts" before Microsoft detected the attacks.
  • Period: to

    Iran “rapidly accelerating” cyberattacks

    Microsoft announced that Iran had been “rapidly accelerating” cyberattacks since mid-2022. The series of the most sophisticated Iranian cyberattacks in history.