Iran is typically seen as one of the big four cyber adversaries to the West — alongside Russia, China and North Korea. So far, however, there is little evidence to suggest it’s actively targeting Europe.
In fact, Iran’s cyber activity has largely stopped since the U.S. bombing began, according to one senior European cybersecurity official, granted anonymity to discuss ongoing assessments.
If and when European countries make their support for U.S. and Israeli activities more explicit, that will likely draw them into the firing line, cyber industry officials said. “Europe should definitely expect that exactly what happened in the Gulf could happen and should happen in Europe,” said Gil Messing, chief of staff at Israeli cyber firm Check Point.
Messing said his firm is already seeing evidence of cyberattacks in Cyprus, the only EU country that Iran has targeted with physical attacks so far. There’s no evidence of attacks in other European countries but it’s likely coming down the tracks, he said.
And if attacks do take place, Iran’s capabilities, though lessened in recent years, remain significant, experts said. Iran’s security and intelligence services have cyber units comprising hundreds of people, with tens of millions of dollars of funding, Messing said.
“If the regime lasts,” the senior official quoted above said, “they will be back.”
Victor Goury-Laffont, Laura Kayali, Antoaneta Roussi, Joshua Berlinger and Sebastian Starcevic contributed reporting.