
Iran’s Cyber Threat May Be Less ‘Shock and Awe’ than ‘Low and Slow,’ Officials Say
Why It Matters
The analysis shows that Iran’s cyber campaign hinges on simple credential theft, making basic identity safeguards the most effective defense for critical sectors.
Key Takeaways
- Iran's cyber ops resemble criminal actors, exploiting basic security gaps
- Stryker breach leveraged social‑engineered credentials, not advanced malware
- Attackers buy valid logins on dark web, targeting MFA‑protected services
- Expected targets: firms linked to Israel or U.S., paired with info campaigns
- Defense focus: close identity gaps, enforce MFA, monitor credential abuse
Pulse Analysis
The United States has been on high alert since the Cybersecurity and Infrastructure Security Agency warned that Iranian‑linked hackers were seeking to cause disruptive effects on critical infrastructure. Yet, at the Asness Summit, former NSA director Tim Haugh and veteran cyber‑responder Kevin Mandia painted a different picture: Iran’s cyber strategy is more akin to a criminal enterprise, favoring low‑and‑slow, opportunistic intrusions over flashy, large‑scale attacks. This shift reflects a pragmatic approach that leverages existing vulnerabilities rather than investing in sophisticated zero‑day exploits, allowing Tehran to sustain pressure while conserving resources.
The Stryker incident provides a concrete example of this methodology. Rather than deploying exotic malware, the attackers used social engineering to obtain legitimate credentials and then performed destructive actions with tools already available to the compromised user. Similar tactics have been observed across multiple sectors, with threat actors purchasing valid logins on dark‑web marketplaces and probing every login page and API for weak multi‑factor authentication (MFA) controls. By exploiting these basic identity gaps, they can infiltrate networks, exfiltrate data, or sabotage operations while maintaining a veneer of sophistication through coordinated information operations.
For business leaders and CISOs, the takeaway is clear: the next wave of cyber conflict will be won or lost on the strength of identity and access management. Implementing robust MFA, continuous credential monitoring, and rapid revocation of compromised accounts can dramatically reduce the attack surface. Moreover, organizations should adopt threat‑intel‑driven hunting to detect anomalous login patterns before they translate into operational damage. As geopolitical tensions persist, the baseline of Iranian cyber activity is unlikely to evolve into more complex exploits, making diligent basic security hygiene the most cost‑effective defense.
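As an added illustration of the credential-monitoring advice above (not code from the article or from any organization it names), the routine below walks a batch of constructed authentication events and flags two patterns the piece describes: a single source probing many login endpoints, and valid-credential logins that completed no second factor from an IP the account has never used. The event schema, endpoint names and threshold are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthEvent:
    ts: int          # epoch seconds (constructed)
    user: str
    src_ip: str
    endpoint: str    # login page or API route that was hit
    outcome: str     # "success" or "failure"
    mfa: bool        # True if a second factor was completed


def find_probing_sources(events, min_endpoints=3):
    """IPs that touched at least min_endpoints distinct login endpoints."""
    touched = defaultdict(set)
    for e in events:
        touched[e.src_ip].add(e.endpoint)
    return {ip for ip, eps in touched.items() if len(eps) >= min_endpoints}


def find_mfa_bypass_logins(events, known_ips):
    """Successful logins with no second factor from an IP the account never used."""
    return [e for e in events
            if e.outcome == "success" and not e.mfa
            and e.src_ip not in known_ips.get(e.user, set())]


def triage(events, known_ips):
    """Accounts to revoke first: no-MFA logins that came from a probing source."""
    probing = find_probing_sources(events)
    bypass = find_mfa_bypass_logins(events, known_ips)
    revoke = sorted({e.user for e in bypass if e.src_ip in probing})
    return {"probing_ips": sorted(probing), "revoke": revoke}


# Constructed sample: one outside source walks three endpoints, then signs in
# as alice with a valid password and no second factor; others are routine.
SAMPLE = [
    AuthEvent(1000, "alice", "198.51.100.7", "/login", "failure", False),
    AuthEvent(1005, "alice", "198.51.100.7", "/api/v1/auth", "failure", False),
    AuthEvent(1010, "alice", "198.51.100.7", "/vpn/auth", "success", False),
    AuthEvent(1020, "bob", "10.0.0.9", "/login", "success", True),
    AuthEvent(1030, "carol", "203.0.113.4", "/login", "success", False),
    AuthEvent(1040, "dave", "192.0.2.8", "/api/v1/auth", "success", False),
]
KNOWN = {"alice": {"10.0.0.5"}, "bob": {"10.0.0.9"}, "carol": {"203.0.113.4"}}

if __name__ == "__main__":
    print(triage(SAMPLE, KNOWN))  # {'probing_ips': ['198.51.100.7'], 'revoke': ['alice']}
```

Dave's login is surfaced by `find_mfa_bypass_logins` for review but not queued for revocation, since his source touched only one endpoint; the two signals together are what separate a bought credential from an ordinary user on a new network.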