DeepSec 2022 Talk: Iran: A Top Tier Threat Actor – Steph Shample

Sanna/ October 17, 2022/ Conference

This presentation, conducted hundreds of times throughout the United States on Wall Street, at various American universities, and throughout the US Defense sector, will go into detail on the evolution of the Iranian cyber program, its current state and most common malware, as well as what geopolitical events and relationships influence Iranian cyber actors. It will also detail why Iran needs to be taken seriously as a digital threat, as they indeed operate at the same level as malicious Russian and Chinese threat actors.

We asked Steph Shample a few more questions about her talk.

Please tell us the top facts about your talk.

  1. Iran continues to quickly gain sophistication in Cyber.
  2. Its state-sponsored (military and civilian) and cybercriminal operations have worldwide impact and deserve attention.
  3. Iran’s relationships with other adversaries like China and Russia will continue to strengthen its cyber capabilities, but also its general position in world conflict, including its efforts in hybrid warfare.

How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?

In all of my analyst positions, I’ve seen Iran target almost every major industry: healthcare, education, finance, CI/KR. They are continuously gaining momentum and skill as a cyber actor, so educating the public on Iranian actions, capabilities, and partnerships became a part of my daily job. This talk is a high level of their general activities, but I also love to dive deeper with practitioners from all industries and talk about threats specific to them in order to shape their protection and incident response.

Why do you think this is an important topic?

Iran is often categorized as “less capable” than other cyber actors like Russia or China. However, they partner with those countries and they are very active in worrisome cyber activities – espionage, social engineering, and ransomware. They are diverse and skilled, and they must be treated as a top-tier cyber actor rather than one to watch occasionally.

Is there something you want everybody to know – some good advice for our readers maybe?

Adversaries tend to rinse and repeat their tactics, techniques, and procedures, so studying their past and identifying how they evolve is essential. Every phase of development is crucial to observe since tech changes so quickly. But it’s a lot of adapting/adjusting past tactics vs. starting completely new tactics, when it comes to cyber.

A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?

As Iran continues partnerships with China and Russia, they are also looking to expand elsewhere. They have representatives in Venezuela. They are only going to become a more serious contender on the global stage, partnering with US adversaries and participating in hybrid conflicts. For this reason, we must observe their history, dissect what they’re doing now, and prepare and educate ourselves for the Iranian adversary of the future, which also has proxies like Hezbollah to do their bidding.


Steph Shample is a Non-Resident Scholar with the Middle East Institute’s Cyber Program and Senior Analyst at Team Cymru. For the past 16 years, her career has focused on analyzing Iran in various capacities, including its tense relationships with Middle Eastern countries as well as their bordering states, and countering Iranian roles in terrorism, proliferation, and narcotics. During her military career, Steph gained operational experience across the Middle East, Levant, and Central and South Asia. She also completed two deployments to Afghanistan, one military and one as a civilian.
