Iran suffered from one of the most sophisticated cyber attacks in 2010, when the National Security Agency and other U.S. and Israeli operatives implemented a virus worm on Iranian nuclear power plants—named Stuxnet—destroying one fifth of its main nuclear centrifuges.
Even though the Stuxnet attack has been documented as one of the most sophisticated and hard to spot attacks, the Iranian intelligence force managed to notice it before all of the work on nuclear material had been corrupted.
Following the attack, Iran started investing more time into cyber warfare, learning from the Stuxnet attack and utilizing the same code on Saudi Aramco in 2012. Iranian cyber forces have also been responsible for attacking hundreds of companies worldwide, in the U.S., Europe, Japan, South Korea and other countries with DDoS (denial of service) attacks.
These attacks are normally used to steal private information about infrastructure or anything relating to the government, and the Tehran unit normally uses evasive measures to block any traces back to Iran.
In a recently leaked NSA document from whistleblower Edward Snowden, a report says the NSA are worried about Iran’s continued investment in cyber attacks, claiming it is learning from earlier attacks on Iran.
Iran is noted as one of the most dangerous countries for cyber attacks in the world, on the same level as China, Russia and the U.S. for potential damage. It is also the most active out of the four, using several tactics to steal information and damage infrastructure in several countries.
Continued attacks might lead to more NSA intervention, but in the past five years Iran has gained a lot of information on cyber security, making it harder for anyone to attack Tehran without being noticed by the defensive unit.