
Paranoia: What Happens When the Enemy Can See You Naked

During the 2025 Israel/U.S. war against Iran, Israeli authorities, and a pro-Israeli hacking group called Predatory Sparrow, targeted financial organizations that Iranians use to move money and sidestep the U.S.-led economic blockade…Predatory Sparrow…crippled Iran’s state-owned Bank Sepah, which services Iran’s armed forces and helps them pay suppliers abroad, knocking out its online banking services and cash machines…The group also breached Nobitex, Iran’s largest cryptocurrency exchange, popular with locals for transferring money overseas. The hackers extracted about $100 million in funds and forced the platform to shut down, according to the exchange.

Iran’s government pulled the plug on much of the country’s online activities to prevent further attacks… Non-Iranian websites were blocked. Citizens were warned against using foreign phones or messaging platforms that it claimed could collect audio and location data for Israeli spies. Government officials were banned from using laptops and smartwatches.

Paranoia swept through the Iranian population as the attacks, both physical and cyber, mounted. “It’s better to cut [the internet] off. Israel can see everything,” said Mohammad Ghorbaniyan, a Tehran-based money changer whom the U.S. sanctioned several years ago for allegedly aiding Iranian hackers…Predatory Sparrow has been wreaking havoc on Iran since at least 2021. In earlier hacks, the group disabled gas-station payment systems across the country and triggered a fire at an Iranian steel plant.

For their operation against Nobitex, the hackers managed to obtain the keys for the exchange’s cryptocurrency wallets, which were held by key personnel within the company…Predatory Sparrow then “burned” the stolen $100 million by sending the tokens to other digital wallets the group itself couldn’t access. These wallets’ addresses, which are made up of long strings of numbers and letters, contained profane phrases like “F—IRGCterrorists.”

Excerpt from Angus Berwick, How Israel-Aligned Hackers Hobbled Iran’s Financial System, WSJ, June 29, 2025

How to Kill Scientists and Get Away with It

When Israel’s attacks on Iran began before dawn on June 13, 2025, explosions shattered the homes of some of Iran’s top scientists… All nine were killed in near-simultaneous attacks to prevent them from going into hiding…The attack on the scientists was considered so fantastical by even its planners that it was called “Operation Narnia,” after the fictional C.S. Lewis series…A week after the June 13 attacks, Israel used a drone to kill another scientist who was being kept in what was supposed to be a safe house in Tehran. The person hasn’t been named…The deadly airstrikes were the first to target Iran’s nuclear scientists since 2020, when Mohsen Fakhrizadeh was gunned down with a remote-controlled weapon. Israel has never denied or confirmed its role in the deaths of five Iranian scientists between 2010 and 2020.

Among the most important targets was Fereydoon Abbasi-Devani, the former head of the Atomic Agency of Iran and one of the founders of Iran’s nuclear weapons-related work…Another killed scientist was Mohammad Mehdi Teranchi, who led a unit under Fakhrizadeh focusing on high explosives, which are needed to detonate a nuclear weapon…

Iran has used universities like Shahid Beheshti, the Sharif University of Technology and Malek Ashtar University to keep alive its nuclear-weapons expertise over the past two decades…At these universities, Iran often matches up its nuclear scientists on experiments and other studies with younger students. Two of the scientists killed on June 13, Ahmadreza Zolfaghari and Abdulhamid Minouchehr, published an article in the Annals of Nuclear Energy in June 2024 that used advanced computer modeling to show how neutron sources behave in a chain reaction. That information can be used for civilian purposes, like building a nuclear reactor, or to help trigger a chain reaction in a nuclear weapon.

Excerpt from Laurence Norman, How Israel Killed Iran’s Top Nuclear Scientists, WSJ, June 29, 2025

When a State Collapses, Who Survives: the case of Iran

In mid-June 2025, Iran flew at least four civilian aircraft to the Omani capital of Muscat for safekeeping. One of the planes included Iran’s presidential Airbus A340, which landed in Muscat on June 18, 2025, according to flight trackers.

Arab officials were surprised to learn the planes were empty of passengers. Instead, they said, they carried cash and assets, which Iranians weren’t allowed to offload because of sanctions. The planes themselves were also valuable as emergency exits for top officials. The precautions show the level of pressure on Iran’s rulers during the war (Israel-Iran war of 2025). They had to find a way forward with no control of their own airspace and no help from their militias.

Excerpt from S. Raghavan et al., Life in Iran After the Strikes: Executions, Arrests and Paranoia, WSJ, June 28, 2025

Israel’s Killing Machine and the Enemies Within

Israel stunned and hobbled Iran starting on June 13, 2025, when it pulled off an intelligence and military operation years in the making that struck high-level targets with precision. Guided by spies and artificial intelligence, the Israeli military unleashed a nighttime fusillade of warplanes and armed drones smuggled into Iran to quickly incapacitate many of its air defenses and missile systems. With greater freedom to fly over Iran, Israel bombarded key nuclear sites and killed top generals and scientists. By the time Iran mustered a response hours later, its ability to retaliate — already weakened by past Israeli strikes — was greatly diminished.

The Mossad and the military worked together for at least three years to lay the operational groundwork…To further diminish Iranian air defenses and missile systems, Mossad agents had smuggled precision weapons into Iran that were prepositioned to strike from close range…Those weapons included small, armed drones, which agents snuck into the country in vehicles…Mossad agents stationed weapons close to Iranian surface-to-air missile sites…To analyze information gathered from various sources, Israel used the latest artificial intelligence…AI was used to help Israelis quickly sift through troves of data they had obtained…An investigation by The Associated Press conducted in early 2025 uncovered that the Israeli military uses U.S.-made AI models in war to sift through intelligence and intercept communications to learn the movements of its enemies. It’s been used in the wars with Hamas in Gaza and with Hezbollah in Lebanon.

In addition to AI, the Mossad relied on spies to identify top nuclear scientists and members of Iran’s Revolutionary Guard… At least eight members of the Guard, including the head of its missile program, were killed in a single Israeli strike on an underground bunker.

Another facet of the attack was to strike Iranian vehicles used to transport and launch missiles. The strategy was similar to a Ukrainian operation earlier this month in Russia. In that operation, nearly a third of Moscow’s strategic bomber fleet was destroyed or damaged with cheaply made drones snuck into Russian territory…In an interview with Iranian state-run television, the country’s police chief, Gen. Ahmadreza Radan, said “several vehicles carrying mini-drones and some tactical drones have been discovered.”…

In the 2000s, Iranian centrifuges used for enriching uranium were destroyed by the so-called Stuxnet computer virus, believed to be an Israeli and American creation…In 2018, Israel stole an archive of Iranian nuclear research that included tens of thousands of pages of records…In July 2024, Israel killed a senior leader of Hamas, Ismail Haniyeh, with a bomb in a bedroom of a government guesthouse in Tehran.

Excerpts from Julia Frankel and Sam Mednick, How Israel used spies, smuggled drones and AI to stun and hobble Iran, AP, June 17, 2025

From Pegasus to Pariah: Israeli Spying is Not Sexy

When international news organizations revealed that at least ten governments had used Pegasus, a powerful software tool created by Israel’s NSO Group, to hack into the smartphones of thousands of people around the world, including politicians, human-rights activists and journalists, the Israeli government shrugged. None of its ministers has publicly commented…Israeli defence exporters privately expressed ridicule. “Arms companies can’t keep track of every rifle and bullet they sell to legitimate customers,” said one. “Why should we have higher expectations when it comes to software?…Israeli spying is a sexy subject and these reports are the price for doing business.”

Countries that have received Pegasus software include Brazil, Hungary and India, along with Sunni Arab regimes with whom Israel recently established diplomatic relations: Bahrain, Morocco and the United Arab Emirates. Saudi Arabia, a fellow enemy of Iran, is listed, too. “Deals on cyber-surveillance are the kind of sweetener you can throw into a diplomatic package with a foreign leader,” says a former NSO consultant.

Excerpts from Let Pegasus fly: Israel is loth to regulate its spyware exports, Economist, July 31, 2021

A War Like No Other: the Covert Invasion of Iran

Within hours of Iran proudly announcing the launch of its latest centrifuges, on April 10, 2021, a power blackout damaged some of the precious machines at its site in Natanz…One thing reports seem to agree on is that an “incident” affected the power distribution network at Natanz.

Natanz is critical to Iran’s nuclear program. The heavily secured site is protected by anti-aircraft guns and has two large centrifuge halls buried more than 50 feet underground to protect them from airstrikes. Despite the conflicting reports, it appears the facility’s main power distribution equipment — Natanz has its own grid — was taken out with explosives. Backup emergency electricity also was taken down, and power cut out across the multibuilding compound, Behrouz Kamalvandi, spokesperson for Iran’s Atomic Energy Organization, told Iran’s state-run TV.

A blackout may not sound that serious, but it can be at an enrichment plant. Centrifuges are slender machines linked up in what are called cascades which enrich uranium gas by spinning it at incredibly high speeds using rotors. The stress on the advanced materials involved is intense and the process is technically immensely challenging. A small problem can send a centrifuge spinning out of control, with parts smashing into each other and damaging a whole cascade.

The question is: what caused the blackout – a cyber-attack or a physical act of sabotage, like a bomb?

Israel has a long history of sabotaging nuclear facilities in Iraq, Syria, and Iran, both through cyber means — including the sophisticated Stuxnet attack against Iran, which Israel conducted with U.S. and Dutch intelligence agencies — and with conventional bombs and explosives. Israel is also reportedly behind a number of assassinations of Iranian nuclear scientists and officials over the last decade. The Stuxnet attack was particularly significant because it launched the era of cyberwarfare, as it was the first cyberattack known to use a digital weapon that could leap into the physical realm to cause actual destruction of equipment. The highly skilled covert operation was conducted in lieu of a kinetic attack to avoid attribution and an escalation in hostilities with Iran; it remained undetected for three years.

Excerpts from Gordon Corera, Iran nuclear attack: Mystery surrounds nuclear sabotage at Natanz, BBC, Apr. 12, 2021, and Kim Zetter, Israel may have Destroyed Iran Centrifuges Simply by Cutting Power, Intercept, Apr. 13, 2021

Who is the Boss? Cyber-War

A new National Cyber Power Index by the Belfer Centre at Harvard University ranks 30 countries on their level of ambition and capability…That America stands at the top of the list is not surprising. Its cyber-security budget for fiscal year 2020 stood at over $17bn and the National Security Agency (NSA) probably gets well over $10bn. The awesome scale of America’s digital espionage was laid bare in leaks by Edward Snowden, a former NSA contractor, in 2013, which showed the agency hoovering up vast amounts of the world’s internet traffic and trying to weaken encryption standards.

China, in second place, has demonstrated a voracious appetite for commercial cyber-espionage abroad and an iron grip on the internet at home. Britain, whose National Cyber Security Centre has parried over 1,800 cyber-attacks since its creation in 2016, is third. Russia, whose spies interfered with America’s last election, is in fourth place. The big surprise is the Netherlands in fifth place, ahead of France, Germany and Canada. Dutch expertise in analyzing malware is particularly sharp…

Many countries outsource the dirtiest work to deniable proxies, like “hacktivists” and criminals….But while stealing things and disrupting networks is important, what matters most over the longer term is control of digital infrastructure, such as the hardware that runs mobile telecommunications and key apps. Dominance there will be crucial to economic strength and national security.

Excerpt from Digital dominance: A new global ranking of cyber-power throws up some surprises, Economist, Sept. 19, 2020

Who is Afraid of Shamoon? How to Wipe a Country Off the Face of the Earth

Suspected Iranian hackers infiltrated critical infrastructure and government computers in the Persian Gulf nation of Bahrain in July-August 2019, raising fears among leaders in the region that Tehran is stepping up its cyberattacks amid growing tensions…Hackers broke into the systems of Bahrain’s National Security Agency—the country’s main criminal investigative authority—as well as the Ministry of Interior and the first deputy prime minister’s office, according to one of the people familiar with the matter.

On July 25, 2019, Bahrain authorities identified intrusions into its Electricity and Water Authority. The hackers shut down several systems in what the authorities believed was a test run of Iran’s capability to disrupt the country, the person said. “They had command and control of some of the systems,” the person said. The breaches appeared broadly similar to two hacks in 2012 that knocked Qatar’s natural-gas firm RasGas offline and wiped data from computer hard drives belonging to Saudi Arabia’s Aramco national oil company, a devastating attack that relied on a powerful virus known as Shamoon. Bahrain is the smallest country in the Persian Gulf, but it is strategically important because it’s the permanent home of the U.S. Navy’s Fifth Fleet and Navy Central Command. It is closely allied with its much larger neighbor, Saudi Arabia, a regional rival of Iran.

The Bahrain authorities haven’t definitively attributed the attack to Iran, but they have been provided intelligence by the U.S. and others suggesting Iran is behind it, the people familiar with the matter said…“In the first half of 2019, the Information & eGovernment Authority successfully intercepted over 6 million attacks and over 830,000 malicious emails. The attempted attacks did not result in downtime or disruption of government services.”

Excerpt from High-Level Cyber Intrusions Hit Bahrain Amid Tensions With Iran, WSJ, Aug. 7, 2019

The Brutal Kangaroos

On June 22nd 2017, WikiLeaks published documents from the Brutal Kangaroo project of the CIA. Brutal Kangaroo is a tool suite for Microsoft Windows that targets closed networks by air gap jumping using thumbdrives…

The documents describe how a CIA operation can infiltrate a closed network (or a single air-gapped computer) within an organization or enterprise without direct access. It first infects an Internet-connected computer within the organization (referred to as “primary host”) and installs the BrutalKangaroo malware on it. When a user is using the primary host and inserts a USB stick into it, the thumbdrive itself is infected with a separate malware. If this thumbdrive is used to copy data between the closed network and the LAN/WAN, the user will sooner or later plug the USB disk into a computer on the closed network. By browsing the USB drive with Windows Explorer on such a protected computer, it also gets infected with exfiltration/survey malware. If multiple computers on the closed network are under CIA control, they form a covert network to coordinate tasks and data exchange. Although not explicitly stated in the documents, this method of compromising closed networks is very similar to how Stuxnet worked.

Excerpts from Brutal Kangaroo Press Release, WikiLeaks, June 22, 2017

Hacking German Nuclear Plants

A computer virus has been found in a nuclear power plant in Bavaria…The virus was found in Block B of the nuclear reactor at Gundremmingen in western Bavaria, a statement released by the power plant said. The malware is well known to IT specialists and it attempts to create a connection to the internet without the user of the computer choosing to do so, the statement added…[T]he virus posed no danger to the public as all the computers which are responsible for controlling the plant are disconnected from one another and not connected to the internet. The virus is also not capable of manipulating the functions of the power plant, the statement claims. State authorities have been informed about the issues and specialists from the energy firm RWE are examining the computer system to assess how it became infected with the virus.

Germans are very sensitive to the dangers of nuclear technology… As recently as 2010, officials found traces of radioactivity connected to the 1986 Chernobyl catastrophe in German wildlife, like wild boar…Shortly after the Fukushima meltdown in 2011, Chancellor Angela Merkel announced that the country would phase out nuclear power by 2021…

Several newspapers reported that the terrorists behind the Paris attacks had the plans for a German nuclear facility, a claim later denied by German intelligence. Then, days later, it was found that inspectors responsible for carrying out safety checks at two nuclear plants had submitted fake reports.

Excerpts from Computer Virus in Bavarian Nuclear Plant, http://www.thelocal.de/, Apr. 26, 2016