The assassination by missile last night of Iranian Revolutionary Guard Corps Quds Force commander Major General Qasem Soleimani and four other senior Iranian officers has triggered vows of revenge from Iran’s Supreme Leader and other members of Iran’s leadership. Those vows have raised concerns about both physical and electronic attacks by Iran against the US and other targets—including an expansion of the already noted broadening attempts at cyber attacks by Iranian state-sponsored hackers.
A Department of Defense spokesperson said in a statement on the attack, “At the direction of the President, the US military has taken decisive defensive action to protect US personnel abroad by killing Qasem Soleimani… General Soleimani was actively developing plans to attack American diplomats and service members in Iraq and throughout the region.”
The attack, apparently launched from a drone against Soleimani’s motorcade as it left Baghdad International Airport, also is reported to have killed Abu Mahdi al-Muhandis, the leader of Iraq’s Kata’ib Hezbollah militia—the force the US blamed for a December 27, 2019 rocket attack on a Peshmerga-operated base that killed a US contractor and wounded several US soldiers there as part of a training operation. Soleimani was alleged by the Defense Department’s spokesperson to have orchestrated that attack, as well as the protest and assault on the US Embassy in Baghdad this week.
Al-Muhandis was also the deputy chief of the Popular Mobilization Forces, the militia group called up to fight the Islamic State. Iraqi government officials, including Iraqi Prime Minister Adel Abdul-Mahdi, were outraged by the attack. The official spokesman for the Iraqi Ministry of Defense said in a Twitter post that the MOD mourned for al-Muhandis, “who was martyred last night following an air strike carried out by the American planes near Baghdad International Airport with a number of employees of the Popular Mobilization Organization.”
An Al Arabiya report claims that Soleimani was killed by a Hellfire R9X “flying Ginsu” missile—giving that as the reason that Soleimani’s ringed hand and other remains of victims were “cut into parts.” But given that multiple vehicles were attacked and the vehicles exploded, that seems unlikely. Soleimani controlled much of Iran’s foreign policy and reported directly to Iran’s Supreme Leader, Ayatollah Ali Khamenei.
A smorgasbord of responses
Iran’s options for a response to the United States are limited only by how much Iran’s leadership wants to escalate the brinksmanship. At the low end of the spectrum, Iran has already demonstrated its desire and capability to launch cyber-attacks against US companies. The Department of Homeland Security issued a warning about a potential wave of destructive attacks coming from Iran last summer. Microsoft reported in October that Iranian hackers had targeted a US presidential campaign (which Reuters identified as President Trump’s).
And in December, IBM X-Force reported the discovery of a new Iranian “wiper” malware variant in an attack against companies in an unidentified Gulf state. The attack was associated with the Iranian threat group “Oilrig” (also known as APT 34). Another Iranian threat group, APT 33, has been targeting industrial control systems in the US through a series of password-spraying attacks against manufacturers, industrial equipment suppliers, and other firms associated with industrial controls, according to Microsoft security researchers. Other attacks have focused on US energy companies.
Dmitri Alperovitch, co-founder and CTO at the security firm CrowdStrike, laid out the most immediate potential responses:
Possible Iranian retaliation we could see soon to killing of Qassem Suleimani:
* Terrorist attacks against Americans and US interests in Iraq and across Middle East
* Targeting of Saudi oil and other critical infrastructure (kinetic and cyber) 1/2— Dmitri Alperovitch (@DAlperovitch) January 3, 2020
These sorts of attacks are at the low end of the potential spectrum of threats, however. Iran could use its own drones to target US personnel in Iraq or launch the same types of attacks that have taken hundreds of US service members’ lives over the past two decades—with improvised explosive devices, rocket attacks, or insider attacks at training facilities. They could close the Straits of Hormuz to tanker traffic and attack ships with drones. They could attack Saudi oil facilities with drones as they have been alleged to have done in the past.
It is likely that the response will be any or all of these things in some combination. In the meantime, the US faces the prospect of having its forces kicked out of Iraq by the Iraqi parliament after what is seen as a second violation of the nation’s sovereignty, and there could be a loss of access to intelligence on activities in Iran and Syria. Whatever happens, the coming weeks and months in the region (and everywhere else, potentially) are bound to be ugly and messy.
https://arstechnica.com/?p=1638517