Cyber Threat Actor: Iranian State-Sponsored Actors
| Actor Type | Location | Known Incidents |
Nation State
|
Iran
|
1 incident |
|---|
Profile
The threat actor is publiclyreferenced as Iranian State‑Sponsored Actors and is assessed to operate from Iran. British intelligence has attributed a 2017 cyber‑attack on the email accounts of UK parliament members to this actor, describing it as state‑sponsored. The alias reflects the perceived connection to the Iranian government rather than a criminal enterprise. No other names or affiliations are cited in the available material. The attribution rests on an unpublished assessment by UK authorities that dismissed initial suspicions of Russia and North Korea.
In June 2017 the actor conducted a brute‑force attack that targeted the email accounts of dozens of Members of Parliament, including the prime minister Theresa May and senior ministers, exploiting weak passwords to gain unauthorized access. The compromised network is used by MPs for constituent communications, and a security source told the Guardian at the time that the intrusion appeared to have been state‑sponsored. Parliamentary digital services detected the breach and secured the affected accounts, with a spokesman noting that those whose emails were compromised had used weak passwords despite prior advice. After the incident MPs such as Andrew Bridgen warned that the exposure could leave individuals open to blackmail, emphasizing that constituents expect their information to be completely secure. Liam Fox, the international trade secretary, linked the attack to reports that cabinet ministers’ passwords were being sold online and used the event to urge improved cybersecurity practices across public services. The episode prompted broader warnings about password security and highlighted the vulnerability of government email systems to credential‑based intrusions. This remains the only publicly referenced operation linked to the actor in the supplied context.
