WASHINGTON — United States Cyber Command on Thursday conducted online attacks against an Iranian intelligence group that American officials believe helped plan the attacks against oil tankers in recent weeks, according to people briefed on the operation.
The intrusion occurred the same day President Trump called off a strike on Iranian targets like radar and missile batteries. But the cyberoperation was allowed to go forward because it was intended to be below the threshold of armed conflict — using the same shadow tactics that Iran has used.
The online attacks, which had been planned for several weeks, were ultimately meant to be a direct response to both the tanker attacks this month and the downing of an American drone this week, according to the people briefed on the operations.
Multiple computer systems were targeted, according to people briefed on the operations, including those believed to have been used by an Iranian intelligence group that helped plan the tanker attacks.
An additional breach, according to one person briefed on the operations, targeted other computer systems that control Iranian missile launches.
Determining the effectiveness of a cyberattack on the missile launch system is particularly difficult. Its effectiveness could be judged only if Iran tried to fire a missile and the launch failed.
The online operation was first reported Friday by Yahoo News. Few details are known, but the breach was meant to take the Iranian intelligence group offline for a time, similar to one that temporarily took down Russia’s Internet Research Agency in November during and immediately after the United States’ midterm elections.
On Saturday, Christopher C. Krebs, the director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, issued a warning about Iranian cyberattacks on American industries and government agencies, saying “malicious cyberactivity” was on the rise.
“We will continue to work with our intelligence community and cybersecurity partners to monitor Iranian cyberactivity, share information and take steps to keep America and our allies safe,” Mr. Krebs said.
The Iranian attacks do more than just steal data and money — they also seek to delete data or take down entire networks. “What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network,” Mr. Krebs warned.
Beyond the cyberoperation, military and intelligence officials also are trying to devise other operations that would not escalate tensions with Iran but would try to deter further attacks on oil tankers or American aircraft and prod Tehran to stop, or dial back, its shadow war, according to current and former officials.
Mr. Trump’s decision on Thursday to call off military strikes even as planes were in the air and ships were in position has given Tehran a chance to try to de-escalate the situation. But if Iran does not seize the opportunity, and instead targets additional oil tankers or fires missiles at other aircraft, the United States will need to take actions to try to re-establish deterrence, current and former officials said.