Iran’s Global Attack Reach: Drones, Cyber, and Criminal Networks
The FBI has warned of potential Iranian drone strikes on U.S. soil, prompting heightened security measures. Experts note Iran's historical use of proxies, criminal networks, and cyber warfare to project power globally, with recent tactics evolving towards simpler, opportunistic attacks.
FBI Warns of Iranian Drone Strikes, Lawmakers Downplay Threat
The Federal Bureau of Investigation (FBI) has issued a warning to California officials regarding the potential risk of Iranian drone strikes on U.S. soil, prompting heightened awareness among state and federal partners. While the FBI emphasizes the reality of this threat, lawmakers in California have largely sought to downplay immediate concerns. “As always, public safety is our number one priority. And rest assured, we are in constant communication with all of our public safety partners and we will continue to monitor the situation,” stated a representative for California officials, assuring the public of ongoing vigilance and communication.
A History of Covert Operations: Iran’s Extraterritorial Tactics
Ben Dubo, a Senior Fellow for Democratic Resilience at the Center for European Policy Analysis in Washington D.C., provided insight into Iran’s historical patterns of conducting attacks beyond its borders. These operations, he explained, can be broadly categorized into three main areas:
- Attacks on diplomatic and institutional targets: This includes assaults on Israeli, U.S., and other embassies, as well as Jewish institutions and individuals globally.
- Assassination attempts: Historically, these have primarily targeted Iranian dissidents, particularly ethnic secessionist groups such as Kurds.
- Cyber attacks: These operations have consistently aimed at major infrastructure, businesses, and other entities to disrupt their functions.
Dubo highlighted that Iran has often employed indirect methods for these attacks, frequently utilizing criminal networks, including drug trafficking gangs, to carry out actions. “The way they’ve largely implemented these attacks, especially the ones targeting civilian infrastructure, have been through different criminal networks, especially drug dealing gangs networks,” Dubo stated. He pointed to recent attacks on embassies in Europe, such as those in Belgium and Sweden, and a more recent incident at the U.S. embassy in Norway, as examples bearing similar operational fingerprints.
Strategic Aims: Intimidation and Disruption
The strategic objectives behind Iran’s extraterritorial operations are multifaceted, according to Dubo. For attacks targeting dissidents, the aims are direct: to instill fear among those who might oppose the regime and to undermine the operational capacity of opposition groups.
When it comes to broader operations targeting civilian infrastructure or diplomatic missions, the goal extends beyond mere intimidation. “The idea really is to inflict pain on those who might join the current military operations against Iran,” Dubo explained. He noted that Iran has explicitly declared any country participating in or providing bases for military operations against it as a legitimate target. “So that goal is partially intimidation but partially to reduce any support for involvement in current military operations against Iran.”
Evolution of Tactics: From Hezbollah to Criminal Gangs
The methods employed by Iran in conducting attacks have evolved significantly over the decades. In the 1980s, Iran was linked to high-profile incidents such as plane hijackings, hostage-taking, and bomb attacks in the U.S. and Europe, often carried out by proxies like Hezbollah. Today, the focus has shifted towards leveraging criminal gangs.
Dubo characterized this shift as indicative of potentially degraded Iranian capabilities and those of its proxies. “The Foxtrot Group and the Rumba network are really their most powerful, not even proxies, their most powerful instruments right now to carry out attacks in Europe. And both of those are just kind of standard criminal networks,” he observed. These networks are often coerced into cooperating with Iranian intelligence, given the choice between acting on behalf of Iran or facing legal consequences. This contrasts sharply with the ideological alignment seen with groups like Hezbollah in the past.
The nature of these attacks has also become simpler. “These have all been really kind of simplistic attacks. Just kind of go in the dead of night, throw ordnance, you know, light a fire, not like the incredibly complex rehearsed attacks that Hezbollah was able to carry out 10, 20 years ago, 30 years ago,” Dubo elaborated. He concluded that this evolution suggests a diminished capacity for Iran to project power abroad.
Cyber Warfare: A Growing Threat Landscape
Beyond physical attacks, Iran’s cyber warfare capabilities present a significant and evolving threat. Dubo pointed to “MuddyWater,” an APT (Advanced Persistent Threat) group believed to be subordinate to Iran’s Ministry of Intelligence Services. This group has been found to have embedded implants within U.S. banks and airports, potentially granting it access to disrupt critical operations.
A recent suspected Iranian cyberattack on the U.S. medical device company Stryker earlier in the week underscores this concern. Dubo suggested that many of these dormant implants could become active soon, especially if military operations continue to escalate.
Regarding the choice of targets like Stryker, Dubo described it as a “spray and pray” approach common in cyber operations. “With the way cyber attacks work, generally they’re very scalable. So, you can take a very broad set of potential targets. There’s very little marginal cost to adding a new target and just see where you actually find vulnerabilities where you can actually get through,” he explained. This indicates that targets may be chosen opportunistically rather than based on high strategic value.
Looking ahead, Dubo anticipates a broad range of potential cyber targets. While critical infrastructure remains a strategic focus, the accessibility and actual level of access Iran has to these systems are still uncertain. Therefore, more opportunistic targets like Stryker are likely to emerge. The delay in activating certain cyber capabilities, such as the closure of the Strait of Hormuz, suggests a strategic decision by Iran to conserve its options and inflict pain incrementally over an extended period, rather than expending all its resources at once.
Defensive Measures and Future Outlook
In response to these threats, U.S. and European security officials have implemented heightened security measures around potential targets, including embassies, synagogues, and critical infrastructure. Enhanced monitoring of potential cyber attacks is also a key component of the defensive strategy, given the often clandestine nature of Iranian cyber operations.
The FBI’s warning and the ongoing cyber activities highlight the persistent, albeit evolving, threat posed by Iran’s global reach. While direct attacks on the U.S. mainland remain a complex undertaking, Iran’s ability to employ proxies, criminal networks, and sophisticated cyber tools ensures its capacity to project power and inflict disruption beyond its borders. The coming weeks will be crucial in observing how Iran chooses to deploy its remaining capabilities and whether the current defensive measures prove sufficient to deter or mitigate future attacks.
Source: Does Iran have the military reach to attack the United States' mainland? | DW News (YouTube)





