A cyber-attack against Iranian infrastructure blamed for massive internet shutdown
Hot on the heels of a “serious” cyber-attack that compromised United Nations servers, and in the same week that the head of the European Central Bank, Christine Lagarde, warned of the global financial implications of cyber-attacks, Iran has seemingly come under cyber-attack. Indeed, so powerful was the impact of this alleged attack that the internet was disrupted across the country.
The NetBlocks internet observatory, which maps internet freedom in real-time, confirmed that there was extensive Iranian telecommunications network disruption on the morning of February 8. The internet observatory, an accurate and impartial monitor of internet availability, uses a combination of measurement and classification techniques to detect disruptions and critical infrastructure cyber-attacks in real-time. In a NetBlocks tweet, the national internet connectivity drop to 75% was said to be due to Iranian authorities activating the “Digital Fortress” cyber-defense mechanism, also known as DZHAFA.
In a NetBlocks report, the DEZHFA activation is said to have been implemented in order to “repel a cyber-attack on the country’s infrastructure.” With both fixed-line and mobile network providers impacted, it was seven hours before normal internet connectivity was resumed. A spokesperson for Iran’s Telecommunication Infrastructure Company, affiliated to the ministry of ICT and Iran’s sole provider of telecommunications infrastructure, Sadjad Bonabi, tweeted that a “distributed denial of service attack” (DDoS) had been “normalized” with the “intervention of the Dzhafa Shield.”
It is certainly not unusual for DDoS attacks to be used as a cyber-weapon by nation-states. Indeed, at the start of December 2019, China was reported to have fired the “Great Cannon of China” at an online forum used to coordinate Hong Kong pro-democracy protests. However, the Financial Tribune quotes Bonabi as saying that “no sign of state sponsorship” of the attack had been detected, and that both attack sources and destinations were “highly distributed.”
This is just the latest in a long line of alleged cyber-attacks against Iranian infrastructure, regardless of attribution. In December 2019, Kate O’Flaherty reported how the DZHAFA shield had been activated to defend against attacks on government servers and electronic infrastructure. Earlier last year, as Zak Doffman reported, the U.S. had launched an “offensive cyber strike on Iran to disable the computer systems used to control rocket and missile launches.”
Meanwhile, the Iranian Zafar observation satellite that was due to be launched into the orbit the same day as the cyber-attack has been delayed according to reports on Radio Farda. While stating that there were no issues regarding putting the satellite into orbit, Morteza Barari, head of Iran’s space organization, is reported to have said that the launch would happen “at the first opportunity when everything is prepared.” It is not currently known if the delay and the cyber-attack are related.