TEL AVIV: Israel appears to have launched a successful cyberattack on the Iranian nuclear enrichment facility in Natanz, causing a blackout at the facility on Sunday and resulting in heavy damage to centrifuges, according to Middle Eastern sources. These sources say the cyberattack succeeded in penetrating the facility’s physical and cyber protection layers installed after an earlier attack on the facility.
Iran’s Foreign Minister Mohammad Javad Zarif threatened that his country will “take revenge” on Israel for the destructive cyberattack.
High-confidence cyber threat intelligence and digital forensics evidence on Sunday’s incident remain sparse at the time of publication. The cyberattack is reminiscent of an attack on Natanz last year and Stuxnet, a computer worm first discovered in 2010. Stuxnet was designed specifically to target the same Natanz facility hit in Sunday’s cyberattack. Stuxnet also destroyed Iranian centrifuges at the facility. Stuxnet is widely believed to have been a US-Israeli collaboration, but neither country has ever officially confirmed its role in that incident.
Details around the specifics of the power outage at Natanz in Sunday’s incident are unclear at the time of publication. It’s possible that Natanz’s power systems were directly targeted as part of the cyberattack, but it’s also possible the power outage occurred as the result of a reported explosion at Natanz. It’s unclear right now whether or not the cyberattack somehow played a role in the reported explosion, and if so, how.
If Natanz’s power systems were directly targeted as part of Sunday’s cyberattack, then industrial control systems (ICS) are a likely attack vector. ICS are inherent to many power systems, used to monitor and control physical components, such as switches and circuit breakers. Stuxnet targeted four zero-day vulnerabilities in the Microsoft Windows operating system and then Natanz’s ICS for centrifuges used to enrich uranium. Stuxnet did not specifically target the facility’s power system ICS.
Keeping sensitive information safe in a new AI era
Why edge and endpoint security can’t be an afterthought.
Sources say that Natanz’s emergency backup power systems were impaired by some means in the attack — whether by cyber or physical is unclear right now. Such emergency backups are typically triggered to start automatically and immediately after primary system failure. To cause a total blackout like Sunday’s in a direct cyberattack on the power system, it would be necessary to successfully take down the facility’s primary generation system and at least one — perhaps multiple — emergency power backup systems simultaneously.
The attack occurred before U.S Defense Secretary Lloyd Austin arrived in Israel. Austin, due to meet with Israeli Prime Minister Netanyahu this afternoon, landed here Sunday and issued a standard statement about close relations between the US and Israel.
The subject of the damage was discussed during meetings the American defense secretary had here.
Israelis are deeply skeptical of what they often call the naiveté of the Biden administration in its handling of relations with the Iranian theocratic state. “The nice words that were said publicly after his meetings in Israel have not lowered the level of tension between Washington and Jerusalem on the Iranian issue,” an Israeli defense source said today. “Israel sees that the US is led by the nose by a regime that is cheating the world, to keep its gallop to the bomb.”
This view is shared by Israeli experts on Iran. The American policy is “way beyond naivety,” Mordechai Kedar, an expert on Iran, told BD. He added that, with a country like Iran, you have to talk with a “whip in hand” and not try to persuade it with “nice words.”
Gen. Aviv Kochavi, chief of staff of the IDF, said Sunday that the IDF’s “operations in the Middle East are not hidden from the eyes of the enemy. They are watching us, seeing our capabilities and weighing their steps with caution.” No Israeli official has publicly confirmed the attack.
Iran has implicated Israel, as it did after Stuxnet. Iranian nuclear officials called Sunday’s attack “nuclear terrorism.”
The US, of course, says it remains committed to Israel’s security and will work with the IDF to ensure it retains its qualitative military edge in the Middle East, Austin said Sunday, shortly after meeting with Israeli Defense Minister Benny Gantz. “Our bilateral relationship with Israel is central to regional stability,” Austin said.
Gantz said that Israel will work closely with the US to ensure that any new deal with Iran prevents a dangerous arms race in the region.
Austin visited the home base of Israel’s F-35 stealth fighters, Nevatim Air Force Base, and was briefed on some very advanced Israeli developed weapon systems. As BD readers know, Israel is working on highly classified additions to the F-35.
On Sunday, Iran’s Press TV said an electricity problem had caused an incident at the Natanz underground uranium enrichment site, without casualties or pollution.
Israel had no immediate official comment on the Natanz incident. The IDF’s top cyber operators, the 8200 unit, may well have been involved in any Israeli cyber strike.
The news of Sunday’s incident at Natanz comes as the major Western powers seek to return to the nuclear deal from which the US unilaterally withdrew in 2018.
According to Iranian television, the new “IR-9” centrifuge has the ability to separate uranium isotopes faster than current devices, which means more uranium enrichment.
According to the announcement, the output of the IR-9 centrifuge exceeds 50 times the capacity of the old IR-1.
More details may emerge about the cyberattack next week, when Kochavi and Mossad chief Yossi Cohen arrive in Washington.
Meanwhile, an Iranian ship, the MV Saviz, may have been attacked by Israel last week. The timing of the attack on the Iranian Revolutionary Guards ship cannot be separated from the date of the resumption of nuclear talks between representatives of the United States and Iran, says Yoni Ben Menachem, an expert on Iran in the Jerusalem Center for Public Affairs. “It is likely that Israel, if it did carry out the operation, also wanted to send a message to the Biden administration that the situation is very tense and that a return to the nuclear deal and the lifting of sanctions on Iran could strengthen the military option.”
Israeli defense sources say Iran may retaliate using ballistic missiles against Israeli targets or an attack by the Hezbollah in Lebanon, the Iranian proxy equipped with 140,000 rockets.
The apparent attacks on the Iranian spy ship and Natanz have created a “very explosive” situation, said a defense source here. The problem is knowing where the explosion will occur.
The IDF, sources here say, is on high alert, with all Israeli intelligence sensors operating full force to detect any imminent Iranian action.