Hezbollah, or the Party of God, is a powerful Iranian surrogate that has been leveraged in many ways to promote Tehran’s political and ideological agenda throughout the Middle East. Established in 1982, Hezbollah maintains deep interests in Lebanon although its multi-faceted capabilities have made the group instrumental for Iran’s Islamic Revolutionary Guard Corps (IRGC) who has turned to Hezbollah for a variety of purposes and missions. Indeed, Hezbollah’s operations are global in scope and have ranged in a variety of activities that include but are not limited to militant, terroristic, and criminal, among others. However, because the group maintains a robust global presence even in places like the United States, its most advantageous strength may be its ability to extend Iran’s influence regionally via its extensive network. Hezbollah serves as the hand that dangles carrots as well as wields sticks, depending on the targets and the intent of the operations.
The information environment consists of both information-driven content as well as the infrastructure that supports its production, processing, and dissemination. This includes the soft and hard technologies that make these networks function properly. For groups looking to become a player in this space, it is essential to be able to demonstrate proficiency in exploiting information as well as exploiting the technology supporting it. Some states have shown their adeptness at doing both, the better ones being referred to as “cyber powers.” Hezbollah has undertaken a similar tack, becoming one if not the most powerful non-state entities in cyberspace, largely helped by its Iranian patron that has invested in it much to its benefit. What has materialized is a resistance group that has the financial backing of a state and who is quickly cyber-maturing in almost lockstep with its benefactor.
Hezbollah possesses sophisticated information-enabled capabilities, which the group has developed and refined operating traditional media and broadcasting outlets, and creating a media empire that overtly promotes Iranian messaging. These activities naturally spilled over onto the Internet where interconnected environments expanded the reach of Hezbollah’s propaganda, expediting the speed with which content could find audiences. In the constant effort to win supporters and influence demographics, Hezbollah quickly acknowledged the power of the Internet to further its own interests, Iran’s interests, and Shia ideology. Since the 2006 Second Lebanon War, Hezbollah has continued to increase its Internet presence, and even provided social media training to operatives to sow discord and incite violence in regional online channels. According to one 2020 news report, Hezbollah further demonstrated its technical prowess when it provided instruction on how to digitally manipulate photographs, manage social media accounts, circumvent Facebook censorship, and spread disinformation online.
Influence campaigns are not new and are usually linked to states driving messaging via overt and covert media. And while proxies are often used, Hezbollah represents a unique force in this ecosystem. No doubt Hezbollah witnessed firsthand how influence campaigns could have a strategic impact after the Second Lebanon War in which it had engaged in mass campaigns to sway audiences via vigorous public relations imaging and psychological warfare that targeted local, regional, and international public opinions of the brief conflict. Largely perceived as a Western creation, the Internet has proven a double-edged sword and one that Hezbollah could use to its advantage. Hezbollah has excelled in the information space building capabilities much in the same way as a state. In addition to operating traditional media outlets, the group created its own independent communications infrastructure, and engages in surreptitious cyber operations that range from exploitative to disruptive, depending on the target and the intent. Hezbollah even migrated to closed telephone circuits that functioned independently of Lebanese government networks. Therefore, it is unsurprising that Hezbollah has been called “the most technically-capable terrorist group in the world.”
Being capable in the digital domain means understanding how to take advantage of information as well as information systems on which it resides. There is evidence indicating that Hezbollah possesses an advanced computer network operations capability that has been active since 2012. Dubbed “Lebanese Cedar” (aka, Volatile Cedar), this advanced persistent threat (APT) actor group has conducted several cyber attacks against telecommunications companies, internet service providers, hosting providers, and managed hosting and applications companies in countries across North America, Europe, and the Middle East. While their tactics may not be on par with some leading state cyber powers, they are ahead of lesser states and most cyber criminal organizations. Lebanese Cedar appears to use these skills more for exploitation than attack, such as breaching global servers in order to collect sensitive information to support other operations. While no disruptive attacks have been linked to Lebanese Cedar, the accesses gained and sustained could facilitate them, should its intent change.
Additionally, mounting evidence indicates that Hezbollah has a cyber warfare unit, which appears to be independent of the Lebanese Cedar APT group, and under closer direction by Iran. Set up by and under the control of the IRGC’s Quds Force, the unit is tasked with intelligence collection on Lebanon government targets as well as supporting Iran’s requirements. The unit allegedly conducts cyber attacks against strategic targets like oil and gas companies in the region. As the group was created by the IRGC, reporting suggests that the unit has equipment similar to Tehran’s Sharif University, an academic institution that instrumentally supports Iran’s cyber capabilities. Like supplying Hezbollah with kinetic weaponry to compete with a state’s arsenal, it appears that Iran is ensuring that Hezbollah’s cyber unit has the resources at its disposal to compete in the cyber domain.
It’s easy to see that Hezbollah’s evolution in the digital space has largely been driven by its close relationship with Iran. Iran has developed into a significant cyber actor in its own right, with many studies citing them among the top ten in national cyber power, ranking substantially in financial investment in cyber development, ability to execute destructive attacks, and executing robust surveillance. Indeed a February 2022 U.S. intelligence community worldwide threat assessment expressly cited Iran as having demonstrated its “growing expertise” in conducting cyber operations. The IRGC has an established track record of providing Hezbollah training in a variety of operations. As the main cyber actor within Iran’s intelligence and security apparatus, it follows that the IRGC would consider sharing tools and tactics and infrastructure with Hezbollah’s cyber warfare unit, particularly when it engages in activities that directly benefits Tehran.
Hezbollah’s cyber offensives may not have garnered much attention in the news cycles, but that seems to be more of a conscious decision than a reflection on capability. With Iran being consistently constrained in the world by Western policies, Hezbollah has been and will remain a force able to maneuver in regions Iran cannot or has not. And this will require Hezbollah to utilize the full-extent of its information-enabled capabilities, the more powerful of which could be the production and dissemination of soft power influential content, propaganda, and disinformation. With focus on Tehran and an attempt to strike a nuclear deal, Hezbollah has been unharnessed globally and should be an instrumental asymmetric asset for Tehran.