Iran has increased its offensive cyber attacks against the US government and critical infrastructure, as tensions have grown between the two nations, cyber security firms say.
In recent weeks, hackers thought to be working for the Iranian government have targeted US government agencies and sectors of the economy, including oil and gas, sending waves of spear-phishing emails, according to representatives of cyber security companies CrowdStrike and FireEye, which regularly track such activity.
It was not known whether any of the hackers were able to gain access to the targeted networks with the emails, which typically mimic legitimate emails but contain malicious software.
The cyber offensive is the latest chapter in the ongoing cyber operations that the US and Iran conduct against each other, with this recent sharp increase in attacks coming after the Trump administration introduced sanctions on the Iranian petrochemical sector this month.
The tensions have escalated since the United States withdrew from the nuclear agreement in 201
"Both sides are desperate to know what the other side is thinking," said John Hultquist, director of intelligence analysis at FireEye. "You can absolutely expect the regime to use every tool they have available to reduce the uncertainty about what will happen next, what the next move of the United States will be."
CrowdStrike shared photos of the spear-phishing emails with the AP.
One such email, confirmed by FireEye, appeared to come from the president's office and seemed to try to recruit people for a financial adviser position. Another email was more generic and appeared to contain details about updating Microsoft Outlook's global address book.
The Iranian actor involved in the cyber attack, dubbed "Refined Kitten" by CrowdStrike, has for years been targeting the US energy and defense sectors, as well as allies such as Saudi Arabia and the United Arab Emirates, said Adam Meyers, vice president of intelligence at CrowdStrike.
The National Security Agency would not specifically address Iranian cyber actions, but said in a statement to The Associated Press on Friday that "There have been serious problems with malicious Iranian cyber acts in the past."
"In these times of increased tension, it is appropriate for everyone to be aware of signs of Iranian aggression in cyberspace and to ensure adequate defense is in place," said the NSA.
Iran has long been targeting US oil and gas sectors and other critical infrastructure, but these efforts dropped significantly after the nuclear agreement was signed. After President Donald Trump withdrew from the agreement in May 2018, cyber experts said they had seen an increase in Iranian hacking efforts.
"This is not a distant war (anymore)," said Sergio Caltagirone, vice president of threat intelligence at Dragos, Inc. "This is one where Iranians could quote unquote bring the war home to the United States."
Caltagirone said that as nations increase their ability to engage in cyberspace, the ability of the United States to pick a fight internationally and have that fight stay physically out of the United States is increasingly being reduced.
The United States has had a contentious cyber history with Iran.
In 2010, the so-called Stuxnet virus disrupted the operation of thousands of centrifuges at a uranium enrichment facility in Iran. Iran accused the US and Israel of trying to undermine its nuclear program through covert operations.
Iran has also shown a willingness to carry out destructive campaigns. In 2012, Iranian hackers launched an attack on the state-owned oil company Saudi Aramco, releasing a virus that deleted data on 30,000 computers and left an image of a burning American flag on screens.
In 2016, the United States accused Iranian hackers of a series of punishing cyberattacks on US banks and a small dam outside New York City.
U.S. Cyber Command refused to comment on the latest Iranian activity. "As a matter of policy and operational security, we do not discuss cyberspace operations, intelligence or planning," Pentagon spokeswoman Heather Babb said in a statement. The White House did not respond to a request for comment.
Despite the apparent cyber campaign, experts say that the Iranians would not necessarily exploit access to computer systems immediately and may try to maintain future opportunities if their relationship with the United States deteriorates further.
"It is important to remember that cyber is not a magical offensive nuke you can fly and escape one day," said Oren Falkowitz, a former National Security Agency analyst. It takes many years to plan, he said, but as the tensions rise, "cyber impact becomes one of the tools they use and one of the hardest things to defend against."
Follow Tami Abdollah on Twitter at https://twitter.com/latams