WASHINGTON • The United States Cyber Command conducted online attacks against an Iranian intelligence group that US officials believe helped plan the attacks against oil tankers in recent weeks, according to people briefed on the operation.
The intrusion occurred last Thursday, the same day US President Donald Trump called off a strike on Iranian targets such as radar and missile batteries. But the online operation was allowed to go forward because it was intended to be below the threshold of armed conflict - using the same shadow tactics that Iran has deployed.
The online attacks, which had been planned for several weeks, were ultimately meant to be a direct response to both the tanker attacks this month and the downing of a US drone last week, according to the people briefed.
Multiple computer systems were targeted, including those believed to have been used by an Iranian intelligence group that helped plan the tanker attacks. An additional breach targeted other computer systems that control Iranian missile launches.
Determining the effectiveness of a cyber attack on the missile launch system is particularly difficult. Its effectiveness could be judged only if Iran tried to fire a missile and the launch failed.
The online operation was first reported on Friday by Yahoo News.
Few details are known, but the breach was meant to take the Iranian intelligence group offline for a time, similar to one that temporarily took down Russia's IRA agency last November during and immediately after the US mid-term elections.
On Saturday, Mr Christopher Krebs, director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, issued a warning about Iranian attacks on American industries and government agencies, saying that "malicious cyber activity" was on the rise.
"We will continue to work with our intelligence community and cyber security partners to monitor Iranian cyber activity, share information and take steps to keep America and our allies safe," Mr Krebs said.
Such intrusions by Iran do more than just steal data and money - they also seek to delete data or take down entire networks.
"What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you have lost your whole network," Mr Krebs warned.
Beyond the online operation, US military and intelligence officials are also trying to devise other operations that would not escalate tensions with Iran but would try to deter further aggression and prod Teheran to stop, or dial back, its shadow war, according to current and former officials.
The downing of the drone last Thursday underlined the already tense relations between the countries after Mr Trump's recent accusations that Iran was to blame for explosions this month that crippled two oil tankers near the vital Strait of Hormuz.
Iran has denied that accusation.