Iran and the U.S. may not yet be at war, but a virtual war has begun online.

According to multiple reports over the weekend, the U.S. Cyber Command launched digital strikes against targets in the country on Thursday.

The Associated Press, referencing unnamed U.S. officials, say that the attacks targeted Iranian computer systems that control Iran’s rocket and missile launches. Alternatively, Yahoo News claimed that the cyberattacks targeted an Iranian spy group.

Where all the reports agree, including one from The Washington Post, is that President Trump signed off on the cyberattack at around the same time Thursday he decided against supporting military strikes against the country.

Tensions in Persian Gulf have been rising since the President withdrew the U.S. from the Iran Nuclear Deal in May 2018 and reimposed sanctions on the country. The most recent escalation in tension started with an attack on two oil tankers in the Gulf of Oman June 13, which was attributed to Iran by the U.S. government followed by the downing of a U.S. drone in the same area June 20.

The use of cyberwarfare as opposed to military strikes was praised by some. Phil Neray, vice president of industrial cybersecurity at CyberX, told SiliconANGLE that the “digital strike against Iran is a great example of using Cyber Command as a Special Ops force, clearly projecting U.S. power by going deep behind enemy lines to knock out the adversary’s intelligence and command-and-control apparatus.”

Although the U.S. may be ramping up cyberattacks against Iran, the country is believed to have been targeting U.S. and its allies in cyberattacks well before the latest drama in the region.

A report from Microsoft Corp. in March claimed that hackers from the Islamic Republic have caused hundreds of millions of dollars in damages over the past two years. The country’s hacking campaign is said to have targeted thousands of people in more than 200 companies and included the theft of corporate secrets as well as the attackers deleting data to cause damage. Targets included companies in the U.S. as well as in Saudi Arabia, Germany, India and the U.K.

With the U.S. ramping up its cyberattacks against Iran, it’s likely that the country will retaliate in kind.

Christopher Krebs, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency director, warned of increased cyberattacks from Iranian hackers on Twitter Sunday, warning companies to take protective measures against cyberattacks.

“Iranian regime actors and proxies are increasingly using destructive ‘wiper’ attacks, looking to do much more than just steal data and money,” Krebs wrote. “These efforts are often enabled through common tactics like spear phishing, password spraying and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network.”

Spear phishing is the practice of sending fake emails pretending to be from a known or trusted sender in an attempt to trick a person to hand over confidential information. Password spraying is an attempt to gain access to multiple accounts using commonly used passwords, while credential stuffing involves attempts to log into a targeted network using credentials stolen in other attacks.

The escalation in attacks from Iran is, by some accounts, already underway. A number of cybersecurity firms are reporting a spike in cyberattacks originating from the country. The Iranian hackers are said to have been targeting U.S. government agencies, as well as sectors of the economy, including finance, oil and gas.

It’s not known if any of the Iranian attacks, which primarily consist of spear phishing campaigns, has managed to gain access to targeted networks.

Photo: U.S. Air Force