The Growing Threat of Cyber Cooperation Between Russia and Iran
Since 2021, Russia and Iran have undertaken extensive cybersecurity cooperation, most of which has focused on common defensive measures. However, in late March, Moscow delivered a substantial upgrade to the Islamic regime’s digital arsenal. As the Wall Street Journal has reported, the Kremlin is now delivering powerful surveillance software to Tehran.
The prospect of enhanced Iranian cyber capabilities should obviously concern U.S. officials. Tehran has undertaken increasingly aggressive and disruptive cyberattacks against America and its partners over the last decade. The growing authoritarian partnership with Moscow—both in cyberspace and in conventional domains—will only accelerate the development of Iran’s cyber capacity. There are a few reasons the Kremlin is unlikely to transfer offensive cyber capabilities to Tehran. But even greater cooperation between the two countries is a threat to U.S. interests, and the longer Russia’s foray into Ukraine lasts, the more leverage Iran will have over it.
What would keep Russia from giving Iran the capability to attack U.S.-based networks? Some offensive components, such as malware programs and exploits for vulnerabilities, are “rivalrous goods”—the consumption or use of these tools by one hacker precludes the reasonable or effective use of the same capabilities by others. Such capabilities are also “use it and lose it” in nature: Once deployed to disrupt U.S. networks, they have little reuse value. Additionally, sharing offensive tools would require Russia to give Iran too much access to its broader offensive cyber operations ecosystem, and there is the risk of misattribution—that any attacks by Iran could be blamed on Russia instead.
In contrast, sharing cyber espionage capabilities comes with fewer barriers. Cyber espionage capabilities are by necessity covert: Unlike offensive tools designed to degrade, disrupt, or destroy a target’s computer or network functionality, effective digital spying requires a hidden, prolonged presence on computers or networks. This means that surveillance capabilities generally have a longer lifespan than tools meant for disruption. And because of the covert nature of cyber espionage, attackers can use the same digital spy tools without compromising the future use of those tools by other attackers. As long as targets remain unaware of information collection and exfiltration on their networks, both Russian and Iranian hackers could utilize the same vulnerabilities, exploits, or malware with few negative repercussions.