Projecting Power in Cyberspace: Iran’s Strategic Use of Cyber Operations

Key Takeaways

  • Iran’s cyber operations have achieved notable political impact, even though their technical sophistication lags behind Russia’s state‑linked APT groups.
  • The country uses cyber as a “threat projection” tool that amplifies kinetic actions (drones, missiles) against Gulf‑state infrastructure and shipping lanes.
  • Western observers are reluctant to test Iran’s genuine capabilities—particularly in the Strait of Hormuz—because confirming effectiveness would risk escalation.
  • Lessons from ransomware groups like LockBit show how false narratives and information‑operations can magnify the perceived power of cyber attacks.
  • Transparent information‑sharing between public and private sectors remains a strong defensive posture against Iranian and other nation‑state threats.

Iran’s Cyber Edge Over Russia’s Technical Prowess
Yelisey Bohuslavskiy, co‑founder of threat‑intelligence firm RedSense, argues that Iran has accomplished something Russia has struggled to achieve during its prolonged war in Ukraine: measurable political impact through cyber means. While Iran’s nation‑state hacking teams do not match the depth, resources, or volume of Russia’s military‑linked advanced persistent threat (APT) groups, they have learned to wield cyber tools strategically to shape perceptions and pressure adversaries.


Cyber as a Force Multiplier for Kinetic Strikes
According to Bohuslavskiy, Iran’s cyber assets are most effective when paired with kinetic actions such as drone and missile strikes on critical infrastructure in U.S.-allied Gulf states. The synchronization of cyber disruption—targeting data centers, oil‑and‑gas refineries, hotels, airports—with physical attacks creates a compounded effect that caught Western observers off guard. The cyber component does not necessarily need to cause massive technical damage; its value lies in amplifying the psychological and political consequences of the kinetic blows.


Threat Projection Versus Pure Execution
A striking insight from the interview is that Iran’s “threat projection” has become more important than the actual execution of cyber attacks. By credibly signaling the ability to disrupt vital services, Tehran can influence decision‑making without necessarily following through on every threat. Bohuslavskiy notes that this approach mirrors information‑operations tactics seen in ransomware campaigns, where the perception of capability often outweighs the real technical outcome.


Reluctance to Test Iran’s Maritime Cyber Threats
One area where uncertainty remains high is Iran’s purported ability to threaten shipping in the Strait of Hormuz via cyber‑enabled drone or missile attacks. Bohuslavskiy bluntly states, “We don’t know, unfortunately, how strong the Iranian threat is against shipping in the Strait of Hormuz because no one wants to test it.” Shipping firms are unwilling to expose vessels and crews to potential harm merely to verify the validity of Iranian claims, leaving the true scale of the threat ambiguous.


U.S. Naval Blockade and the Political Utility of Cyber
In response to heightened tensions, the U.S. Navy has instituted a blockade of the Strait, and a temporary cease‑fire is currently holding. Should this evolve into a lasting peace treaty, Bohuslavskiy predicts that cyber will regain prominence as Iran’s primary lever for political influence. Even without active hostilities, Tehran could continue to launch cyberattacks that disrupt economies, sway public opinion, and extract concessions—demonstrating the enduring utility of cyber as a low‑cost, high‑impact instrument of statecraft.


Parallels With the Russia‑Ukraine Conflict
The interview draws explicit parallels between Iran’s current posture and Russia’s use of cyber in the Ukraine war that began in 2022. Both nations blend cyber with kinetic operations, yet Iran’s approach emphasizes political signalling over sheer technical volume, whereas Russia has relied heavily on destructive APT campaigns and widespread disinformation via hacktivist proxies. Bohuslavskiy suggests that studying these similarities helps defenders anticipate how adversaries will evolve their combined cyber‑kinetic playbooks.


Ransomware Lessons: Weaponizing False Truths
Bohuslavskiy highlights a tactic borrowed from ransomware groups such as LockBit: the “weaponization of false truths.” By planting or amplifying misleading narratives about their capabilities—whether through fake leak sites, exaggerated ransom notes, or fabricated attribution—threat actors can inflate their perceived power and compel victims or governments to react disproportionately. Iran’s cyber strategy appears to employ a similar playbook, using unverified claims by pro‑Tehran hacktivist groups to bolster its threat projection without necessarily backing them with extensive technical operations.


The Defensive Power of Transparency and Intelligence Sharing
A recurring theme in the discussion is the importance of Western cybersecurity transparency. Bohuslavskiy argues that open sharing of threat indicators, attack patterns, and mitigation guidance across public and private sectors creates a collective situational awareness that undermines adversaries’ ability to surprise defenders. When nations and corporations openly discuss Iranian cyber activities—whether observed in the Gulf, the Strait of Hormuz, or elsewhere—they reduce the effectiveness of Iran’s information‑operations component and enable faster, more coordinated defenses.


Background on the Expert
Prior to co‑founding RedSense, Yelisey Bohuslavskiy served as the co‑founder and head of research and development at Advanced Intelligence, and earlier worked as a cyberthreat intelligence analyst at Flashpoint and a due‑diligence researcher at Kroll. His extensive experience in tracking nation‑state and cybercrime trends positions him as a credible voice on the evolving interplay between cyber, kinetic, and psychological warfare in contemporary geopolitics.


This synthesis captures the core arguments and insights from the original interview, distilling them into a concise yet comprehensive overview suitable for readers seeking to understand Iran’s current cyber‑strategic posture and its broader implications for international security.
