The US military conducted a major cyberattack on Iranian proxy group with forces in Iraq, Syria and inside Iran in the days after Iran shot down a US drone last week, according to two US officials with knowledge of what happened.
The cyberattack’s goal was to disable and degrade Kata’ib Hezbollah, an Iranian sponsored Shia militia group. The specific goal was to attack its networked communications, one official said. Neither of the officials, who asked not to be identified due to the sensitive nature of the information, would discuss how successful the cyberattack may have been.
Officially the Defense Department refused to comment. “The US Central Command declines to comment on any potential cyberattack,” said Capt. William Urban, spokesman for the command which oversees military operations in the Middle East.
The US military maintains a list of potential cybertargets that can be selected to attack. The President has the final sign-off, but a range of options are available for the secretary of defense and chairman of the Joint Chiefs to recommend.
CNN has previously reported that the US also launched a cyberattack last week against Iranian software systems that were being used to track commercial tankers in the Persian Gulf. A separate US official said that system had been destroyed by that cyberattack.
Kata’ib Hezbollah was designated a foreign terrorist organization by the US in 2009. US officials say Iran’s proxy forces are a particular concern because of their access to Iranian missiles. As tensions have increased in recent weeks between the US and Iran, there has been concern proxy forces could conduct attacks against US forces and allied interests in the region.
Kata’ib Hezbollah has claimed responsibility for numerous attacks since 2007, according to the State Department. A 2018 State Department report said the group had been responsible for attacks against US and coalition forces in Iraq, including a 2011 attack in Baghdad in which five US soldiers were killed.