Cyber Incident Victim: Iran Internet infrastructure
Date:
Feb 2020
Location:
Iran
Summary
A cyber attack targeting Iranian infrastructure caused a severe nationwide internet disruption, significantly reducing connectivity by approximately 75% for seven hours. The incident prompted authorities to activate the 'Digital Fortress' (DZHAFA) cyber-defense mechanism to repel what was described as a highly distributed denial-of-service (DDoS) attack affecting both fixed-line and mobile networks. While officials denied state involvement in the attack, the defensive measure successfully neutralized the threat. This incident followed prior deployments of the DZHAFA system against state-sponsored cyber operations, including previous espionage attempts on government systems. The disruption coincided with unrelated delays in a satellite launch, though no direct link was established between the two events.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 8, 2020, a cyber attack targeting Iranian internet infrastructure caused widespread connectivity disruptions, with NetBlocks reporting a 75% national internet traffic reduction lasting approximately seven hours. Iranian authorities activated the 'Digital Fortress' (DZHAFA) cyber-defense mechanism to counter the attack, which primarily manifested as a distributed denial-of-service (DDoS) assault. The Telecommunication Infrastructure Company confirmed through spokesperson Sadjad Bonabi that the Dzhafa Shield interventions successfully neutralized the attack vectors, which were characterized as "highly distributed." Both fixed-line and mobile networks experienced significant degradation during the incident, with peak disruption occurring on the evening of February 8. The defensive activation coincided with technical disruptions across multiple network layers, though authorities maintained operational control of core infrastructure throughout the event.
The incident occurred alongside the postponed launch of Iran's Zafar observation satellite, though officials explicitly denied any connection between the two events. Aerospace Organization head Morteza Barari attributed the satellite delay to routine finalization checks rather than cyber interference. Historically, Iran had deployed the DZHAFA system against state-sponsored cyber operations, including a documented 2019 case where it repelled espionage attempts targeting government servers. This defense mechanism forms part of Iran's established countermeasures against foreign cyber threats, which previously included U.S.-led offensive operations against Iranian missile systems in 2019. While the attack's origin remained unconfirmed, Iranian officials refuted allegations of state actor involvement, contrasting the event with China's state-linked 'Great Cannon' attacks against Hong Kong networks in 2019. Network stability was fully restored within the seven-hour operational window following DZHAFA's implementation.