How has Iran built such a formidable 'cyber warfare machine'?
While bombs and bullets rain down across the Middle East as the U.S. and Israel seek to pressure Iran, the war is raging with no less intensity on another front: cyberspace.
Despite attacks on much of Iran's physical infrastructure, the country's hacking forces remain highly active. Groups linked to the Iranian government targeted Jordanian gas companies, as well as businesses in the UAE and Qatar, in a cyberattack campaign called Great Epic. Several countries, including the UK – where a military base in Cyprus was once struck by missiles linked to Iran – have also begun warning businesses to prepare for the risk of being targeted by Iranian hackers.
This leads to a big question: how did Iran become such a formidable force in cyber warfare, and what are its objectives?
The cyber shock has caused Iran to change its strategy.
Iran's current cyber warfare capabilities stem in part from a past attack aimed at undermining it. In 2010, the U.S. and Israel allegedly deployed the Stuxnet virus targeting Iran's Natanz nuclear facility. This attack destroyed numerous centrifuges and significantly slowed Iran's nuclear program, although both countries denied involvement.
Stuxnet is considered the first true cyber weapon ever used to disrupt real-world infrastructure. This event not only damaged Iran but also served as a wake-up call about the dangers of digital warfare.
According to Jake Moore, global cybersecurity advisor at ESET, being the target of the 'world's first true cyber weapon' has shown Iran what is possible now and in the future.
If the initial goal of the attack was to slow Iran's nuclear ambitions, it may have achieved that to some extent. But at the same time, it also prompted Tehran to invest heavily in a new form of warfare: cyber warfare.
Following that event, Iran rapidly accelerated its cybersecurity capabilities. In 2012, it established the Supreme Cyber Council to coordinate related activities. In addition, Advanced Persistent Threat (APT) hacking groups were funded and operated through the Islamic Revolutionary Guard Corps and the Ministry of Intelligence.
Between 2012 and 2015, Iran's cybersecurity budget is believed to have increased by as much as 1,200%.
Abundant technological workforce
Another factor contributing to Iran's development of cyber warfare capabilities is its strong technical workforce. The country has a large number of software engineers and computer specialists, some of whom are geared towards cyberattack operations.
Mo Hoseini, head of the systems recovery department at the digital human rights organization ARTICLE 19, said Iran is among the countries that train many top technology engineers.
Throughout the 2010s, Iranian APT groups conducted numerous notable offensive operations. Prominent groups such as APT33 and OilRig carried out sustained campaigns targeting the aerospace and energy sectors.
By 2024, the U.S. had imposed sanctions on several individuals believed to be linked to these hacking groups. However, the threat doesn't come solely from organized groups. Analysts are also tracking over 120 independent, pro-Iranian hacktivist groups. Just one successful attack could cause widespread chaos.
Battlefields Without Borders
Cyber warfare capabilities have become a crucial strategic tool for Iran. Amidst significant military constraints and economic pressure from sanctions, cyber warfare allows Tehran to expand its influence without relying on traditional military power.
According to Hoseini, support from countries opposed to the West also plays a role in this process. Over the years, experts have observed signs of influence from China and Russia on Iran's cyber operations. Some campaigns even operate in a manner similar to Russian tactics, suggesting the possibility of an exchange of technology and experience.
This knowledge sharing has also spread to Iran's allies abroad, making it more difficult to contain its cyber warfare capabilities than to control conventional weapons.
Another cause for concern is the strategy of sending Iranian students abroad to study technology. According to some experts, the Iranian authorities may pressure them to cooperate in information gathering after working at large technology companies.
Hoseini cited the example of the arrest of three people last February, who were accused of working at Silicon Valley companies and transferring confidential information to hostile nations, including Iran.
He argued that Iran currently possesses sufficient resources to sustain cyber warfare operations. However, the major question ahead is whether it can maintain the ability to coordinate and deploy large-scale operations.