Iran: Stuxnet Successor Silently Succeeds


November 2, 2018: Israel has developed and used a more powerful version of its decade old Stuxnet malware to infect and damage Iranian networks and strategic systems. The new Stuxnet has not received a name (as have earlier Stuxnet successors like Duqu, Gauss and Flame) but the impact was so serious and the rumors and gossip inside Iran so widespread and detailed that the Iranian government admitted at the end of October that there had been an attack but that it “was being controlled.” In Iran, that’s government-speak for “we got a major problem and we’d rather not talk about it.”

The original 2010 Stuxnet discovery in Iran elicited a similar response. The government bravado did not last and by 2012 the government warned Iranians to brace themselves for more Cyber War attacks by the U.S., Britain and Israel. This came after the U.S. admitted that several successful Cyber War attacks on Iran were indeed the product of a joint American-Israeli effort. Iran always includes Britain in these foreign conspiracies because Britain has been successfully interfering with Iranian diplomacy for several centuries and is greatly resented for this.

The Cyber War attacks were all coming from the U.S. and Israel and this Cyber War offensive turned out to be a huge undertaking with many of these secret software programs going undiscovered inside Iran for years. When these programs are discovered the subsequent investigation usually reveals that the stuff has been active for several years. The original Stuxnet attack was seen as a major defeat for Iran, which had operated a successful smuggling and money laundering program for decades because of their ability to keep the details secret. With the Stuxnet revelations, it became clear that much of that secrecy was long gone because of the American/Israeli Internet espionage/sabotage campaign.

Iran struck back with cruder (and more readily available) cyber weapons (like hacking Western websites or shutting some down with DDOS attacks). Iran has a lot of smart, patriotic and well-educated people who don’t have good jobs. A serious Cyber War capability was possible and Iran tried to create one. This effort was crippled by many of the key tech staff realizing that the Iranian government was delusional as well as corrupt and incompetent and the best option was to emigrate. The government tries to discourage this sort of thing but cannot prevent young Iranians, especially the better-educated ones, from getting out. There is not really much of a market for well-educated and capable young Iranians and the government is largely responsible for the poor performance of the economy and Iranians don’t need a college degree to figure that out. To make perceptions even more toxic there are the continuing government calls to destroy Israel followed by a growing number of Israeli responses like the January Mossad heist of Iranian nuclear program docs and numerous air attacks on Iranian forces in Syria. At the end of October, the government admitted that the personal cell phone of Iranian president had been secretly tapped. Now Israel has again struck with another major Cyber War attack is also exposing Iranian assassination and terror attack plans in Europe and the Americas.


One reason the revival of American sanctions is doing so much damage is that the American created some new methods for making the sanctions work. For example in 2017 the United States created CAATSA (Countering America’s Adversaries through Sanctions Act) which made it difficult, and in some cases impossible, for Russia to get paid for weapons exports or Iran (since May 2018) for its oil exports. India, which has been improving diplomatic and military relations with the United States is potentially subject to the full force of CAATSA as it tries to carry out major ship and air defense purchases from Russia and continue import large quantities of oil from Iran. India hopes to get an exemption on all or some of these purchases. India and Russia have already agreed to pay for the ships and air defense purchases without using dollars. India would pay in its currency (the rupee) and Russia could use the rupee to buy goods from India. However, full use of CAATSA seeks to prohibit even that and given the control the Americans exercise on the global banking system going full CAATSA would be a major problem for Russia and India.

For Iran, the economic and political apocalypse has escalated as the last, and most damaging of the renewed American sanctions (curbing Iranian oil exports) goes in effect on November 5th. The IMF and other foreign economists see the resumption of sanctions already creating major declines in economic activity. Iranian GDP is expected to decline 1.5 percent this year and nearly four percent in 2019. Inflation will also continue rising towards 30 percent or more in 2019. The inflation is mainly the result of shortages of essential items, like medicines and many consumer items. Food is getting more expensive. The shortages and rising prices are mainly because the rial has lost 70 percent of its value compared to the American dollar. Currently, one dollar costs 152.000 rials on the black market versus the official (government) rate of 42,000 rials. The government does not have enough dollars to meet demand and increasingly the black market rate is all anyone has access to. Most trade is conducted in dollars and Iran, because of the renewed sanctions, is no longer a welcome trade partner. Thus in the last month prices for basic goods in Iran have gone up nearly 50 percent. Inside Iran, the financial situation is made much worse by the accumulated bad debts created by decades of corrupt business deals. Those uncollectable debts and the continuation of the corrupt business deals that create them leaves the banking system unable to be much help in hard times. Smuggling has increased but that has a minor impact on the situation.

Oil exports are rapidly declining as the United States tells nations that buy oil to stop or face the loss of business with the American economy. Even loyal Iranian oil customers like China and India are cutting orders and seeking other suppliers. However, the U.S. has granted South Korea, India (and six others) exemptions so they can still continue importing some Iranian oil. In most cases, this is because these countries are American allies and cannot easily find other suppliers for the type of oil Iran provides.

So far Iranian oil sales have declined from their 2018 peak of 2.4 million BPD (barrels per day) in April to 1.5 million BPD now and a million BPD or less by early 2019. This is worse than it was before the sanctions were lifted in 2015. That is because the Americans have adapted to past oil embargo scams and Iran and its outlaw customers have not yet managed to adapt. The lifting of sanctions in early 2016 has been good to Iran. In 2016 oil exports increased to two million BPD, a level not seen since 2012. Overall oil production increased to 3.8 million BPD. Exports in general quickly doubled over 2015 levels. The government is making plans to soon achieve annual GDP growth of eight percent. That has all been canceled once the U.S. announced (in May) the revival of sanctions. At that point, oil production was 4.5 million BPD and it is now falling because regular oil customers are reducing orders. Most of the Iran oil was exported and now that export income is rapidly disappearing. Even China and India, two major customers who said they would defy the sanctions, have cut orders because sanctions will increase shipping costs and also increase the risk of Iran going to war. Sanctions mean the cost of insurance rises and fewer shipping companies are willing to provide tankers to move sanctioned oil. Something the religious dictatorship don’t like to dwell on is that before they took over after the 1979 revolution oil production was over 6 million BPD and closing in on seven million. The clerics have mismanaged the economy for over thirty years now and that is one reason they can no longer blame foreigners for all the problems.


In western Iraq (Anbar province) Iran ordered some of its most loyal PMF (Peoples Mobilization Forces) militias to use violence (bomb attacks, assassination)) against Iraqi army units that interfere with the movement of Iranian military supplies through Anbar into Syria. The Iran controlled PMFs are also expected to prevent economic reconstruction in Anbar, which puts these PMFs at odds with most Anbar residents (who tend to be Sunni). Pro-Iran PMF commanders have moved slowly and as covertly as possible with this because most of the armed men in Anbar are hostile to these Iranian orders.

Iranian efforts to dominate Iraq have fallen way short of expectations. For the moment Iran is still trying to halt Iraqi political or military decisions that weaken Iranian ability to do what they want in Iraq. This Iranian interference slowed down the formation of a new Iraqi government and continuing efforts to defeat the remaining Islamic terror groups in Iraq. Iran has political and military goals that clash with what most Iraqis want. Pro-Iran Iraqi politicians want to provide Iran with more access and influence over Iraqi government decisions. When it comes to the Iraqi security forces Iran wants its PMF units to maintain their independence from army control. That enables Iran to use Iraq for operations in Syria and against the Sunni states of Arabia (especially Saudi Arabia). Most Iraqis don’t want to be involved with the Iranian military goals in Syria (attacking Israel) or Arabia (fighting Saudi Arabia over oil and control of Islamic holy places.)

Opinion surveys show nearly all young Iraqis see no future in Islamic radicalism and terrorism, which has, for most of their young lives been more of a threat than a source of salvation. Down in Basra the ongoing riots and demonstrations are about basics, like clean water and regular electricity supplies. The Basra unrest has been going on since July (triggered by polluted drinking water) and at least 40 protestors have been killed and many more wounded or arrested. Dozens have disappeared and feared dead. The protestors note that Iran backed militias are also involved in attacking the demonstrators. This, for many young Iraqis, confirms suspicions that Iran is not their friend. The government has promised to improve living conditions in Basra but that slow in coming.

Iraqi anti-government demonstrators were always angry at Iran. In part, this was because of the Iran backed PMF militias, whose leaders often speak of imposing a religious dictatorship in Iraq and generally ignored all the corruption. The current Iraqi enthusiasm for battling corruption is hurting Iranian efforts to expand its influence inside Iraq. That’s because pro-Iran groups in Iraq have long justified outlaw behavior in order to serve their mentor Iran. This has led to Iraqi army commanders being more aggressive in dealing with Iran backed PMF units.

Most of the PMF units were formed in late 2014 to fight ISIL. Since then the PMF has been put on the government payroll, despite the fact that nearly half of them are also supported by Iranian cash and equipment. Since the government began paying PMF militiamen the PMF became part of the defense forces. Technically the army can order PMF units around but until recently the Iran-backed PMF would often ignore those orders. In some cases, PMF commanders would threaten army officers. Given the results of the recent elections (pro-Iran parties did poorly) and the growing popular unrest in Iran attitudes have changed. Iraqi army officers are not just ordering pro-Iran PMF units to back off but using force to make the PMF comply. So far this has not gone much beyond armed confrontations (which often work) and arresting (“kidnapping” according to pro-Iran Iraqis) PMF men who disobey army orders. Apparently, the anti-Iran election results have led to pro-Iran PMF commanders being advised (by Iran) to play nice with the army and back off. This is seen as temporary as there is no sign that pro-Iran PMF groups will cease to take orders from Iran. Iraqis believe the pro-Iran PMF units are backing off as part of an Iranian effort to persuade Iraq to oppose the renewed American economic sanctions on Iran. Iraqi leaders were under a lot of political pressure from Iran to ignore the American sanctions, if only because complying would hurt the Iraqi economy. That pressure caused some hesitation by Iraqi leaders until they realized that most Iraqis preferred the Americans to the Iranians. After all, when Iraq asked the Americans to leave in 2011 they did. Iraq is seeking an exemption to some of the Iran sanctions because otherwise the Iraqi economy would suffer. No American response to that yet.


Iranian mercenaries are most active in eastern Syria, near the Iraqi border. Currently, much of the activity is in the Euphrates River Valley and the towns of Bokamal and Mayadin. The Iranian led forces are working with Syrian Shia militias to reestablish control over an area occupied by ISIL since 2013 or 2014. For the Iranians, the main goal is to establish routes from Iraq and through Syria to Lebanon for Iranian military cargo.

Israel is warning Lebanon and Iraq that Iranian use of their territory to upgrade unguided rockets with GPS guidance kits will result in Israeli airstrikes to destroy those operations unless local governments act. Lebanon is more of a problem because of its relationship with Iran and Syria. Hezbollah, a 1980s creation of Iran, is an autonomous military force in Lebanon and dominates local politics via terror and threats of violence against those who resist. Hezbollah, like its patron Iran, is dedicated to the destruction of Israel. Iran is currently trying to turn Syria and Iraq into subject states similar to Lebanon. Most Syrians and Iraqis want to avoid this but it isn’t easy because Iran is clever, determined and fanatic about the “destroy Israel” thing. What complicates the situation in Syria is that there a lot of major players.

Iran is finding less consideration and cooperation from its allies in Syria. Russia, Turkey and the Assad government see the continuing Israeli airstrikes on Iranian targets in Syria as a matter between Israel and Iran. The obsession with destroying Israel is seen as an Iranian weakness. Discussions continue on how Russia, Iran and Turkey will operate in Syria once the civil war is officially over. Iran insists that it will still be in Syria at that point. Syria is negotiating peace deals with Kurds (who control the northeast), Druze (who occupy much of the Israeli-Jordan border) and Sunni groups (tribal leaders and local leaders who have not been hostile). Syria wants to attract a lot of foreign aid for reconstruction but that is complicated by Iranian plans to establish a permanent military presence and continue threatening Israel. Several members of the Assad clan are facing war crimes charges and Lebanon, Turkey and Jordan want to send back several million Sunni Arab refugees (which the Assads do not want). The war will not end quickly or in a tidy fashion.


Iran continues to supply the Shia rebels with weapons and equipment despite energetic efforts to block the smuggling. The naval patrols off Yemen enforcing the blockade have to contend with hundreds of small craft operating near them each day, more than can be searched. But enough smuggler boats have been detected and caught since 2015 to make it clear that this smuggling route was still active. It was also interest to note where the weapons were coming from. As of late-2018 North Korea was still exporting weapons like rockets, small arms and ammo to Yemen, as well as Libya and Syria. Whenever there is a successful interception the Saudis will increase their naval patrols near where it happened and search more fishing or cargo boats. If nothing else that causes the boat operators to dump their illegal weapons cargo overboard before the boarding party reaches them. Some boats refused to be searched and are fired on. This form of smuggling is more important as the government forces move closer to driving the rebels out of Hodeida and making it possible for all cargoes to be thoroughly searched. That will cut off the supply of Iranian ballistic missile components, which have, over the last two years, allowed more than two hundred of these short-range ballistic missiles to be assembled in northern Yemen and eventually fired into Saudi Arabia.

One very under-reported Iranian contribution to the Shia rebel effort is an effective media manipulation effort. Not as massive or well-equipped as the ones created by China and Russia (the main practitioners of this) but the Iranians do pretty well spinning news of events in Yemen to favor, as much as possible, the Shia rebels. The Iranians know what appeals to mass media, especially in the West, and what does not. Thus anytime a coalition airstrike kills civilians (or rebels who can be described as such) the Iranians see that pictures and stories are supplied to news media worldwide. Coverage of the nasty things the Shia rebels do to hostile civilians in areas they control is not reported because no journalists are allowed in rebel areas. Thus it is only later that it becomes known that the rebels were using civilians as human shields or letting them use a road the rebels know is constantly watched and most vehicles seen on it are hit with an air strike. The “hit anything that moves” policy can isolate a rebel force under attack and make the rebels easier to defeat.

The Iranians will also send out stories of rebel-controlled civilians going hungry when that can be blamed on the coalition, the Yemeni government or the West. Another technique is to make false claims of damage from Shia ballistic missile or UAV attacks on Saudi or UAE targets. These claims are eventually found to be false but Iranian media experts know that if you can get some traction with the initial story that is what most people will remember. Truth isn’t what counts here but supplying what editors are seeking at the moment.


Until recently there were over two million Afghans living in Iran, most of them Shia and refugees (or children of) fleeing recent (since the 1980s) wars in Afghanistan. While these largely Shia refugees feel some affinity with Iran they are still Afghan and many got involved with the lucrative drug smuggling business. This is dangerous as well as lucrative and has turned the Afghan-Iran border into a combat zone. Since the refugees tend to provide a lot of these smugglers, shelter them while profiting from money earned smuggling, the refugees are not very popular in Iran and it is difficult for Afghan refugees to become permanent residents. In 2012 Iran came up with a solution; allowing Afghan Shia in Iran to join an Iranian sponsored mercenary force in Syria. Iran was trying to keep the Syrian government in power against an uprising by the majority of Syrians (who are Sunni). The Shia minority has ruled Syria for over 40 years and since the 1980s done so with the financial and material support of Iran. After 2012 that support included more and more foreign Shia fighters recruited, trained (usually in only a few weeks), paid and led by Iranians. The key benefit for Afghan volunteers from Iran was that successful service (especially if killed or disabled) provided the volunteer and his family with permanent residency in Iran. Over 20,000 Afghans from Iran have volunteered so far and some 20 percent have been killed or wounded. Despite the losses, Afghans kept volunteering because the payoff was relatively large and real. The Iranians kept their end of the bargain. But some of the Afghan volunteers did desert and provided foreign journalists and intel analysts with details of how the system worked. For one thing, Iranian recruiters stressed the religious angle and the need to protect fellow Shia in Syria. The reality was that Iran needed tough and fearless fighters to deal with Sunni Islamic terrorist groups (mostly al Qaeda and ISIL) who comprised most of the opposition. These Sunni fanatics were responsible for numerous (and ongoing) attacks on Afghan Shia and that was sufficient motivation for most of the Afghan volunteers who come from a warrior culture. In addition to keeping their end of the deal, Iran provided (since late 2016) the Afghan volunteers with more public praise in the Iranian media. Most of the Afghans killed in Syria are flown home for burial in Iran and photos or video of the funerals often show up in the media. The families of the “martyrs” are praised as well and often shown receiving their residency papers and other benefits as well (access to better housing, medical care and so on). All this angers many Afghans who see it as another Iranian scheme to exploit Afghanistan. It is, but the Afghan refugees keep volunteering. Even before the sanctions on Iran were revived earlier in 2018 the Iranian economy was having problems and so far this year about 30 percent of Afghan refugees in Iran had returned to Afghanistan. Among those refugees were many Hazara who had fought in Syria and had often fought ISIL forces there. Now the ISIL groups in Afghanistan have Hazara with combat experience against ISIL back in Afghanistan and organizing Shia militias to defend Afghan Shia from ISIL. This has already caused ISIL to be more careful while planning attacks on Shia.

Iran would like the U.S. to get out of Afghanistan and many Americans want to just leave. The problem is just getting out leaves Afghanistan at the mercy of Pakistan, Iran and Russia, as well as all the drug gangs, Islamic terror groups and numerous Afghans who oppose the drugs and all the outside interference. The drugs and Islamic terrorism will still be major exports. The West can leave Afghanistan but the ills of Afghanistan won’t leave the West and that is just fine with Pakistan.

October 29, 2018: Israel admitted that it continues to carry out airstrikes in Syria against Iranian and Hezbollah targets. Since Septembers 17 (when a Syrian SAM shot down a Russian recon plane off the coast in the aftermath of an Israeli airstrike) most of the news has been about Russia sending Syria free S-300 SAM batteries (which are still not operational) and openly blaming Israel for the loss of the recon aircraft and its 15 member crew. Israel rarely comments on these airstrikes, at least not soon after they occur or not until someone else (Syria, Iran or Russia) complains. None of these nations mentioned (much less complained of) recent Israeli airstrikes but the news eventually gets out as the aftermath of these airstrikes is very visible and not hidden.

In Gaza, Iran backed Islamic Jihad said it would agree to a ceasefire if Egypt could arrange one and Israel would agree to it. Israel believes that Iran ordered Islamic Jihad to make the rocket attack and will continue to order Islamic Jihad to take such orders because Iran is the primary backer of Islamic Jihad and without that support, Islamic Jihad would be much reduced in size and influence.

October 26, 2018: In the Persian Gulf six small IRGC (Iranian Revolutionary Guard Corps) armed boats got close (about 300 meters) to the largest American warship in the Persian Gulf (a 41,000 ton amphibious ship carrying 1,600 marines plus vertical takeoff jets and transport helicopters). Two years ago the IRGC boats would have gotten closer but the American have become more aggressive since then, even to the point of opening fire on boats that got too close.

In France, an Iranian diplomat was expelled as part of an investigation into an Iranian attempt to bomb a meeting and public rally by Iranian exiles last June. Iran has been carrying out these covert operations against exiles for decades and for a long time many European nations would look the other way. But that is no longer the case in most of Europe and the local police and intel agencies have, over the decades, collected a lot of information on how the Iranian agents operate. It’s become much more difficult for Iran to carry out these attacks, much less get away with it.

October 25, 2018: In the northwest (Kurdistan province), Kurdish separatists clashed with soldiers and four soldiers were killed. Kurdish separatist casualties were unknown.

The United States enacted a new law that strengthens the Hezbollah International Financing Prevention Amendments Act which improves the effectiveness of a similar 2015 law by giving American investigators and enforcers more tools and authority to find and shut down Iran backed Islamic terrorist funding activities.

October 24, 2018: In Iraq, the new parliament finally agreed on Adel Abdul Mahdi as prime minister but rejected 8 of his 22 ministers. Reasons given for rejections ranged from being tainted by working for Saddam (before 2003) or having some connection with corrupt behavior. Mahdi has worked with Iran in the past but is now considered wary of Iranian influence and intentions. In an effort to gain more public support he is moving government offices outside the Green Zone and directly addressing corruption issues. Overall Iran considers the elevation of Mahdi as a defeat.

October 21, 2018: Swedish police arrested an ethnic Iranian who was a Norwegian citizen and extradited him to Denmark where is he wanted for questioning about his role in an Iranian plot to murder the leader of an Iranian Arab separatist group who lives in Denmark. Investigation of the activities of the Norwegian-Iranian suspect confirmed the existence of a plot and Norway demanded answers from Iran. Israel is suspected of providing the intel that revealed the assassination effort ordered by Iran. By the end of the month, Denmark had recalled its ambassador from Iran and asked other European nations to join in pressuring Iran to halt this sort of thing. Iran denies everything, which is the usual Iranian response when caught misbehaving outside Iran.

October 20, 2018: In a prison near the capital (Tehran) three more Kurdish Iranians were executed during the last week. That makes nearly 60 Kurds executed so far this year. Most of the Kurds are executed for opposing Iranian rule even if they are officially charged with other crimes.

October 19, 2018: In the southeast IRGC troops fired several dozen mortar shells across the border into Pakistan (Baluchistan province) with the primary target a village that had been used by Iranian Baluchis. The Iranians warned the farmers and herders on the Pakistani side (Chagai District, where the population of 230,000 is over 95 percent Baluchi). There was damage to farmland and some farm animals were killed. The Iranians are punishing the Baluchis for supporting Iranian Baluchi separatists who are able to establish bases in Baluchistan.

October 18, 2018: Nationwide teachers have been striking all week over the fact that their pay levels now (because of inflation) have reduced many teachers to the point where their income cannot pay for essentials. The government says it has no money for a pay increase. But the teachers know how much Iran is spending on the wars in Iraq, Syria, Lebanon, Gaza and Yemen.

October 17, 2018: In the northwest, across the Iraqi border in Diyala province a pro-Iran PMF militia patrol encountered a group of ISIL gunmen and killed five of them. One of the dead was Abu Zahi, a known ISIL leader that Iran believed organized the September 22 attack just across the border in Iran’s largely Arab Ahvaz province. The attack killed 25 people including several soldiers in the parade. ISIL took credit for the attack as did a local Arab separatist group. Iran made some arrests and apparently identified Abu Zahi as possibly the one who organized the attack.

In the southeast on the Pakistan (Baluchistan) border, Iranian Jaish al Adl Baluchi rebels from Pakistan (where these rebels often establish bases) crossed into Iran and kidnapped 14 Iranian police manning a border post. Apparently, those at the border post were unconscious after eating a meal containing drugged food. Jaish al Adl took credit for the operation and said it was in retaliation for Iranian attacks on Iranian Baluchis (who are Sunni Moslems). There was also the recent (late September) border clash in which a Jaish al Adl leader was killed. Iran has urged Pakistan to find the missing Iranian border guards as they are believed to be in a Jaish al Adl facility in Pakistan. Jaish al Adl has been around since 2012 and is the successor to Jundallah and perpetuates Iranian Sunni Baluchi resistance to Iranian Shia rule. The Iranian and Pakistani Baluchis have family, tribal and ideological links and that makes it easier for an Iranian Baluchi Islamic terror group to establish and sustain bases in Pakistan. This is a constant source of friction between Iran and Pakistan because the Iranians could shut down groups like Jaish al Adl were it not for the Pakistani sanctuaries. Pakistan is unable to suppress its own Baluchi Islamic terrorist and separatist groups.

October 16, 2018: Twitter has released a 350 GB file containing over 10 million tweets from 3,800 accounts belonging to Russian organizations that engage in media manipulation. There were also one million tweets by Iranian trolls seeking influence public opinion. These tweets date from 2013. Actually, Russia has been using information war techniques like this for over a decade and Iran followed the Russian example. Early on the term for the Russian paid posters was the “50 ruble” or “50 cent” army and they were a known problem on Internet newsgroups and message boards since the 1990s. After 2001 the Russian use of online disinformation grew, especially with the appearance of social media sites like Twitter and Facebook. The mass media in the United States only discovered the existence of this troll army in 2016. By 2017 American media discovered that the Chinese and Iranians were also doing this sort of thing. Twitter released this archive for civilian researchers. Facebook also releases foreign troll account data but to a more restricted audience. Intelligence agencies and veteran BBS (bulletin board system) Usenet and Internet posters have known about this sort of thing since the 1980s but it was never big news like it is now.

October 10, 2018: In northwest Yemen (Hodeida), government forces shot down a UAV that turned out to be Iranian.




Help Keep Us From Drying Up

We need your help! Our subscription base has slowly been dwindling.

Each month we count on your contributions. You can support us in the following ways:

  1. Make sure you spread the word about us. Two ways to do that are to like us on Facebook and follow us on Twitter.
  2. Subscribe to our daily newsletter. We’ll send the news to your email box, and you don’t have to come to the site unless you want to read columns or see photos.
  3. You can contribute to the health of StrategyPage.
Subscribe   Contribute   Close