I am going slightly down since I got this answer from the INFER team as a reply to my request for clarification about the cyberattack: "This question is concerned with a cyberattack that damages or interrupts the normal functioning of critical infrastructure as mentioned in the clarification, rather than theft of data/intelligence gathering that could lead to such harm in the future." So not all successful cyberattacks count, even if they were directed at the critical infrastructure (like data theft and probably also disclosing stolen information or publishing disinformation on the Iranian government websites which would create any public reactions affecting the critical infrastructure).
Gonjeshke Darande, the hackers group behind the previous attacks on Iran (including the one on gas stations from December last year) is worth watching. They proved to have the capabilities and motivation to do something like that, however they might choose some other kind of cyberattack - not necessary affecting critical infrastructure again. It looks like they have their profile on X: https://twitter.com/gonjeshkedarand?lang=en and a channel on the Telegram: https://t.me/s/gonjeshkedarandeofficial.
This report from 2024-02-21 states: "The escalation comes at an inopportune time for Iran, which is also among world leaders in terms of using cyber warfare as a tool of statecraft. We assess Iran will diminish its overt military footprint and focus more on activity in cyberspace." My thinking is that if Iran will, in fact, be more active with cyberattacks, it makes high-profile retaliatory cyber-attacks such as those affecting Iranian critical infrastructure more likely.
I am going slightly down since I got this answer from the INFER team as a reply to my request for clarification about the cyberattack: "This question is concerned with a cyberattack that damages or interrupts the normal functioning of critical infrastructure as mentioned in the clarification, rather than theft of data/intelligence gathering that could lead to such harm in the future." So not all successful cyberattacks count, even if they were directed at the critical infrastructure (like data theft and probably also disclosing stolen information or publishing disinformation on the Iranian government websites which would create any public reactions affecting the critical infrastructure).
Gonjeshke Darande, the hackers group behind the previous attacks on Iran (including the one on gas stations from December last year) is worth watching. They proved to have the capabilities and motivation to do something like that, however they might choose some other kind of cyberattack - not necessary affecting critical infrastructure again. It looks like they have their profile on X: https://twitter.com/gonjeshkedarand?lang=en and a channel on the Telegram: https://t.me/s/gonjeshkedarandeofficial.
This report from 2024-02-21 states: "The escalation comes at an inopportune time for Iran, which is also among world leaders in terms of using cyber warfare as a tool of statecraft. We assess Iran will diminish its overt military footprint and focus more on activity in cyberspace." My thinking is that if Iran will, in fact, be more active with cyberattacks, it makes high-profile retaliatory cyber-attacks such as those affecting Iranian critical infrastructure more likely.