U.S. cyberattacks struck Iran systems, sources say

President Donald Trump approved cyberstrikes that disabled Iranian computer systems used to control rocket and missile launches, even as he backed away from a conventional military attack in response to Iran's downing Thursday of an unmanned U.S. surveillance drone, according to people familiar with the matter.

The cyberstrikes, launched Thursday night by personnel with U.S. Cyber Command, were in the works for weeks if not months, according to two of those people, who said the Pentagon proposed launching them after Iran's alleged attacks on two oil tankers in the Gulf of Oman earlier this month.

The strike against the Islamic Revolutionary Guard Corps was coordinated with U.S. Central Command, the military organization with purview over activity throughout the Middle East, these people said. They spoke on the condition of anonymity because the operation remains sensitive.

The administration on Saturday warned industry officials to be alert for cyberattacks originating from Iran.

In recent weeks, hackers believed to be working for the Iranian government have targeted U.S. government agencies, as well as sectors of the economy including oil and gas, sending waves of spear-phishing emails, according to representatives of cybersecurity companies CrowdStrike and FireEye, which regularly track such activity.

It was not known if any of the hackers managed to gain access to the targeted networks with the emails, which typically mimic legitimate emails but contain malicious software.

The Department of Homeland Security said in a statement released Saturday that its agency tasked with infrastructure security has been aware of a recent rise in malicious cyber activities directed at U.S. government agencies by Iranian regime actors and proxies.

Cybersecurity and Infrastructure Security Agency Director Christopher Krebs said the agency has been working with the intelligence community and cybersecurity partners to monitor Iranian cyber activity and ensure the U.S. and its allies are safe.

"What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you've lost your whole network," Krebs said.

The National Security Agency would not discuss Iranian cyber actions specifically, but said in a statement Friday that "there have been serious issues with malicious Iranian cyber actions in the past."

"In these times of heightened tensions, it is appropriate for everyone to be alert to signs of Iranian aggression in cyberspace and ensure appropriate defenses are in place," the National Security Agency said.

The White House declined to comment on U.S. cyberstrikes, as did officials at U.S. Cyber Command. Pentagon spokesman Elissa Smith said, "As a matter of policy and for operational security, we do not discuss cyberspace operations, intelligence or planning."

"This operation imposes costs on the growing Iranian cyber threat, but also serves to defend the United States Navy and shipping operations in the Strait of Hormuz," said Thomas Bossert, a former senior White House cyber official in the Trump administration.

"Our U.S. military has long known that we could sink every [Islamic Revolutionary Guard Corps] vessel in the strait within 24 hours if necessary. And this is the modern version of what the U.S. Navy has to do to defend itself at sea and keep international shipping lanes free from Iranian disruption."

Information for this article was contributed by Ellen Nakashima of The Washington Post; and by Tami Abdollah of The Associated Press.

A Section on 06/23/2019
