Google threat chief: While Iran launches missiles, its spies are targeting troops' inboxes

With all eyes on Iranian missile and drone attacks, could servicemen and women fall victim to a different kind of offensive? 

Iranian spies are trying to map where forces are, what's moving and what comes next – that can mean direct cyber attacks on individual servicemen and women, warns John Hultquist, the chief analyst for Google’s Threat Intelligence Group.

"Right now they're probably trying to figure out the disposition of forces... so that they can inform their own military leaders," he told BFBS Forces News.

• Can Iran hit the UK? Country's weapons in spotlight after attack on Cyprus RAF base
• Airbase evacuations begin after RAF Akrotiri airfield hit with drone attack
• US assets in Middle East come into play as country launches combat ops against Iran

"That means probably targeting of servicemen and women, through things like their email. I would not be surprised to see social engineering schemes. This is them essentially convincing you to click on something you shouldn't click. 

"It's a time to be really prepared and thinking about what you're doing online."

Mr Hultquist's warning came as the UK's National Cyber Security Centre (NCSC) warned organisations to review their cyber security posture due to the situation in the Middle East.

While the NCSC said there was likely no immediate major change in the cyber threat Iran poses to the UK, it warned organisations with a presence or supply chains in the Middle East to remain alert to indirect cyber threats and said Iranian operatives "almost certainly currently maintain at least some capability to conduct cyber activity".

Mr Hultquist, a former staff sergeant in the US Army, said Iranian operatives are far from amateur. 

In fact, he describes them as "exceptional" and says once-primitive cyber-attacks are no longer so easy to spot.

"They've come a long way," he said. "One of the ways that they do this is instead of just sending you something right off the bat, they have a conversation with you. 

"I have seen these conversations go on for a month where they convince somebody that they're a recruiter or they're even a journalist... they will have a long-term conversation and then eventually send somebody something malicious when they're not necessarily looking for it."

Mr Hultquist is in London for a detailed discussion about cyber sabotage hosted by the defence think-tank RUSI.

He characterised Iranian abilities as aggressive and bold but relatively unsophisticated. However, he said that what they lack in tech terms, they compensate for with imagination and daring. 

He counselled the audience at RUSI to take Iranian claims of successfully using cyber to target and attack critical national infrastructure with a pinch of salt.

"The adversary is a liar – the point of all this activity is psychological – so if they can achieve a psychological effect by lying, so much the better."

The NCSC said organisations should:

• Prepare to respond to the risk of collateral impacts in the UK from Iran-linked hackers
• Sign up for its early warning service to be alerted to security issues
• Follow the sabotage guidance from the National Protective Security Authority to protect sites from physical threats

More information can be found here.