WASHINGTON • A secret cyber attack against Iran in June wiped out a critical database used by the country's paramilitary arm to plot attacks against oil tankers and degraded Teheran's ability to covertly target shipping traffic in the Persian Gulf, at least temporarily, according to senior United States officials.
Teheran is still trying to recover information destroyed in the June 20 attack and restart some of the computer systems - including military communications networks - taken offline, the officials said.
Senior officials discussed the results of the strike in part to quell doubts within the Trump administration about whether the benefits of the operation outweighed the cost - lost intelligence and lost access to a critical network used by Iran's Revolutionary Guard.
The US and Iran have long been involved in an undeclared cyber conflict, one carefully calibrated to remain in the grey zone between war and peace.
The June 20 strike was a critical attack in that ongoing battle, officials said, and it went forward even after President Donald Trump called off a retaliatory air strike that day after Iran shot down a US drone.
Iran has not escalated its attacks in response, continuing its cyber operations against the US government and corporations at a steady rate, according to US government officials.
US cyber operations are designed to change Iran's behaviour without initiating a broader conflict or prompting retaliation, said Mr Norman Roule, a former senior intelligence official. Because they are rarely acknowledged publicly, cyber strikes are much like covert operations, he said.
"You need to ensure your adversary understands one message: The United States has enormous capabilities which they can never hope to match, and it would be best for all concerned if they simply stopped their offending actions," Mr Roule said.
The US Cyber Command has taken a more aggressive stance towards potential operations under the Trump administration, thanks to new congressional authorities and an executive order giving the Defence Department more leeway to plan and execute strikes.
The US government obtained intelligence that officials said showed the Revolutionary Guard was behind the limpet mine attacks that disabled oil tankers in the Gulf in attacks in May and June, although other governments did not directly blame Iran. The US Central Command showed some of its evidence against Iran one day before the cyber attack.
Washington judged the strike to be a proportional response to the downing of the drone - and a way to penalise Teheran for destroying its pilotless aircraft.
The database targeted in the cyber attacks, according to the senior official, helped Teheran choose which tankers to target and where. No tankers have been targeted in significant covert attacks since the June 20 cyber operation, although Teheran did seize a British tanker in retaliation for the detention of one of its own vessels.
Though the effects of the June cyber operation were always designed to be temporary, they have lasted longer than expected, and Iran is still trying to repair critical communications systems and has not recovered data lost in the attack, American officials said.
Cyber weapons, unlike conventional weapons, can be used only a few times or sometimes just once. Targets can find the vulnerability used to get access to their networks, then engineer a patch to block that opening.
"Iran is a sophisticated actor. They will look at what happened," said Mr Mark Quantock, a retired major-general who served as the director of intelligence for the US Central Command, which oversees operations related to Iran.