
A new Iranian hacker group has surfaced, posing perhaps another threat against Tehran's rivals.
What Happened
A newly released report produced by the U.S. cybersecurity firm Symantec has identified an Iran-based hacking group that has reportedly targeted a number of government organizations and businesses in a broad swath of the Middle East. In the report, Symantec said the group, dubbed Leafminer, has been operating since early 2017. However, its analysis found no evidence that the group is linked directly to the Iranian government.
What is driving the group's intrusions, whether espionage, disruption or other motives, remains unclear. Evidence of Leafminer attacks was widespread in Saudi Arabia, but the group has also targeted interests in Egypt, Israel, Lebanon, the United Arab Emirates, Bahrain, Kuwait, Qatar, Afghanistan and Azerbaijan.
Symantec was able to identify the group after it accessed a server that the group left exposed — an operational security breach that led the cybersecurity firm to suggest the hackers could be relatively inexperienced. A Leafminer list of 809 targets, which was written in Farsi, includes a range of industries. Thus far, Leafminer has focused on targets linked with governments and within the financial and energy sectors, but it has also taken aim at the shipping and transportation, airline, telecom, security, construction and food industries.
Why It Matters
Iran has long relied on cyberwarfare operations as a part of an asymmetric strategy aimed at undermining its regional adversaries. The Iranian Shamoon virus, for example, targeted Saudi Aramco in 2012, and a variant of the malware that surfaced in 2016 hit the Saudi government and the Kingdom's energy sector. As the United States, working in close collaboration with Saudi Arabia and Israel, increases pressure on Iran, a concurrent increase in Iranian cyberattacks — particularly against strategic economic targets in Gulf countries — is likely.
What It Means
The West is already on alert for an escalation in Iranian cyber operations. U.S. officials have recently warned that Iran has laid the groundwork for extensive cyberattacks against private companies and infrastructure in the United States and Europe. Meanwhile, the German domestic intelligence agency Bundesamt für Verfassungsschutz, or BfV, released a report July 23 that outlined the increased Iranian cyberwarfare capabilities that posed a threat to Germany's companies and research institutions. The report also noted numerous attacks against German targets linked to Iran in 2017. If evidence that ties hacking operations to the Iranian government surfaces, it will present yet another grievance for the White House to seize when it comes to escalating its economic and military pressure campaign against Tehran.