What Really Happened in the Cyber Command Action Against Iran?

Amid rising tensions with Iran following the country’s downing of a U.S. surveillance drone last month, President Trump reportedly ordered and then called off military strikes against targets in Iran. Soon, news reports indicated that, in lieu of those strikes, U.S. Cyber Command had taken offensive action against Iranian targets. The operation was first reported by Yahoo News, which described it as a “retaliatory digital strike against an Iranian spy group.” Shortly afterward, several other outlets picked up the story.


After the news broke, Bobby Chesney, writing about the legal context for the reported operations on Lawfare, offered a note of caution: “Details remain sparse, and so the analysis that follows is necessarily subject to revision as more emerges.” But two weeks later, the specifics of the operation remain unclear. The Pentagon has declined to provide further details, saying that “as a matter of policy and for operational security, we do not discuss cyberspace operations, intelligence or planning.” Moreover, the available reports demonstrate a lack of agreement, even among major news outlets, as to what precisely happened. But a careful reading of the reporting suggests that the U.S. response consisted of three distinct operations.


Multiple outlets have reported that U.S. Cyber Command targeted command and control systems used by the Islamic Revolutionary Guard Corps (IRGC) to launch missiles and rockets. This appears to be the first operation.