Washington, D.C. and San Mateo, Calif. (April 17, 2015) – A comprehensive new report provides overwhelming evidence that cybersecurity attacks emanating from Iran and targeting U.S., Europe and Western interests are increasing at an alarming rate. The report, co-authored by the American Enterprise Institute’s Critical Threats Project and Norse Corporation, is the first to provide direct evidence of the rapid increase in recent Iranian cyber-attacks. These types of attacks pose critical threats to governments, banks, businesses and private citizens around the globe, especially in the U.S.

Among the key findings is that Iran is actually using computing resources from Western hosting and cloud-computing companies to carry out attacks against Western targets. 

In addition, the report details evidence of Iranian involvement in the following:

  • Cyber-attacks directly initiated from networks belonging to the Islamic Revolutionary Guard Corps.
  • The establishment of a cyber-attack infrastructure outside Iran, possibly in violation of international sanctions, which is used for attacks against Western companies.
  • Attacks on servers outside Iran to gain control of third-party systems that could be used in future Iranian cyber-attacks. This would make it very difficult to trace the attacks back to Iran.
  • Collaboration between the Iranian regime and Iranian civilian hackers who have a history of attacking Western computing assets.

The Norse Intelligence Network, which collected and analyzed the data for this report, found that the number of cyber-attacks from Iranian-controlled systems has more than doubled in the past 15 months.

Attacks launched from Iranian-controlled IP addresses increased 128 percent between January 2014 and mid-March 2015, and individual Norse sensors hit by Iranian IP addresses rose 229 percent. Over the same period, the number of systems compromised by Iranian interests increased by 508 percent.

Other major findings in the report include:

  • The evolution of Iran’s cyber-attack capability over the last few years has been characterized by computer network attacks — using destructive malware or denial-of-service attacks — to punish foreign players critical of the Iranian regime.
  • The technical capability of Iranian state-based cyber-attackers has evolved in a far shorter time (less than three years) than is found among countries not under international sanctions (perhaps 10 years or more).

The authors conclude that if Iran has been able to emerge as an increasingly capable and aggressive cybersecurity threat under international economic sanctions, lifting the sanctions as promised in the recently announced nuclear agreement will give Iran more resources to expand their offensive cyber-attack capabilities.


Norse is the leading innovator in the live threat intelligence security market. With the goal of transforming the traditionally reactive IT security industry, Norse offers proactive, intelligence-based security solutions that enable organizations to identify and defend against the advanced cyberthreats of today and tomorrow. Norse’s synchronous, global platform is a patent-pending infrastructure-based technology that continuously collects and analyzes real-time, high-risk Internet traffic to identify the sources of cyber attacks and fraud. Norse is the only provider of live, actionable, cyberthreat intelligence that enables organizations to prevent financial fraud and proactively defend against today’s most advanced cyber threats including zero day and advanced persistent threats. Norse has offices in Silicon Valley and St. Louis. Visit us online at norse-corp.com.