Columbia International Affairs Online: Working Papers

CIAO DATE: 05/2015

The Growing Cyberthreat from Iran: The Initial Report of Project Pistachio Harvest

Frederick W. Kagan, Tommy Stiansen

April 2015

American Enterprise Institute for Public Policy Research


Malicious Iranian cyber activity has increased significantly since the beginning of 2014. Data collected by AEI and the Norse Corporation indicate that attacks launched from Iranian Internet protocol (IP) addresses increased 128 percent between January 1, 2014, and mid-March 2015. The number of Norse sensors hit by Iranian IPs rose by 229 percent, while the number of distinct IPs used to execute these attacks rose by 508 percent. Iranian companies are renting and buying IT resources in the West, despite sanctions. Hundreds of thousands of domains registered to Iranian people or companies are hosted by companies in the US, Canada, and Europe as a result of Western failures to enforce IT sanctions and regulations governing technology transfers. Some of these resources are then used to conduct cyberattacks on America and its allies. The Islamic Republic is using networks within Iran to conduct sophisticated cyberattacks. Investigations have uncovered efforts launched by the Islamic Revolutionary Guard Corps and Sharif University of Technology to infiltrate US systems. The technical nature of the attacks makes it more likely that Iran's cyber capabilities are expanding and could pose a risk to US critical infrastructure.