Sign up for our daily briefing

Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa Bay news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Charlotte news in your inbox

Catch up on the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Illustration: Aïda Amer/Axios

Given last week's flurry of U.S. cyberattacks against Tehran, Iran's history of retaliating with cyberattacks might raise a few eyebrows. But more concerning might be Iran's history of learning new strategies from other nations' cyberattacks.

The big picture: In 2009, Iran became the first known target of cyber warfare. Its history with cyber conflict is long, and could be used to inform how the current moment might play out.

The backstory: Iran shows an uncommon ability to learn from other nations' techniques and targeting, said Silas Cutler, reverse engineering lead at Chronicle. That's evidenced in how it adapted to Stuxnet, 2009 malware likely launched by the U.S. and Israel to disable the Iranian nuclear program.

  • After Stuxnet, notes Cutler, Iran invested heavily in cyber activities.
  • That resulted in the Shamoon malware, ultimately used to damage the Saudi-owned oil company Aramco in a 2012 attack widely believed to have been carried out by Iran.
  • "I'm less worried about a retaliatory attack and more worried about them learning from our attacks and making them their own," said Cutler.

In fact, Stuxnet caused a fundamental change in how hackers operate in Iran.

  • Hacker culture in Iran dates back to the turn of the millennium. Ashiyane, an Iranian security forum still used today, was founded in 2002.
  • But the purposes of hacker forums in Iran changed after Stuxnet, said Cutler, moving from being a general subculture to a more patriotic one.
  • To this day, the Iranian government uses hacker forums for recruitment whenever they need an emergency workforce.

Where it stands: More recently, said Adam Meyers of Crowdstrike, Iran has learned from Russia's operations against Ukraine in its current operations against Saudi Arabia and the UAE.

The intrigue: Unlike North Korea, which has mainly used disruptive cyberattacks to settle petty scores and generate revenue, Iran's disruptive cyberattacks have been more tactical, said Ben Read, senior manager for cyber-espionage analysis at FireEye.

  • Iran responded by launching massive denial-of-service attacks against the U.S. financial sector in 2012, after the U.S. launched sanctions against Iran and only two years after Stuxnet was exposed.
  • Those are remarkably similar to the current state of affairs, notes Read. The U.S. announced new sanctions against Iran this week following the cyber attacks last week.
  • Iran can be petty, too. (It may have used Shamoon to attack Sheldon Adleson's Sands casino in response to comments he made.)

What's next: Iran largely stopped targeting the West after the Iran deal, but activity has re-emerged against the U.S. as tensions have escalated. That activity appears to be more for information gathering than to cause harm.

  • The U.S. should be aware of Iran's techniques should they chose to retaliate, said Read, as just knowing what to look for can be enough to head off Iran's brand of attacks.
  • "They can do bad stuff, but they aren't wizards," he said.

Go deeper

Dion Rabouin, author of Markets
32 mins ago - Economy & Business

How GameStop exposed the market

Illustration: Eniola Odetunde/Axios

Retail traders have found a cheat code for the stock market, and barring some major action from regulatory authorities or a massive turn in their favored companies, they're going to keep using it to score "tendies" and turn Wall Street on its head.

What's happening: The share prices of companies like GameStop are rocketing higher, based largely on the social media organizing of a 3-million strong group of Redditors who are eagerly piling into companies that big hedge funds are short selling, or betting will fall in price.

Caitlin Owens, author of Vitals
1 hour ago - Health

Who benefits from Biden's move to reopen ACA enrollment

Photo: Chip Somodevilla/Getty Images

Nearly 15 million Americans who are currently uninsured are eligible for coverage on the Affordable Care Act marketplaces, and more than half of them would qualify for subsidies, according to a new Kaiser Family Foundation brief.

Why it matters: President Biden is expected to announce today that he'll be reopening the marketplaces for a special enrollment period from Feb. 15 to May 15, but getting a significant number of people to sign up for coverage will likely require targeted outreach.

2 hours ago - Technology

Big Tech bolts politics

Illustration: Eniola Odetunde/Axios

Big Tech fed politics. Then it bled politics. Now it wants to be dead to politics. 

Why it matters: The social platforms that profited massively on politics and free speech suddenly want a way out — or at least a way to hide until the heat cools.