Date: 2021-11-18

On Thursday, a federal grand jury indicted two Iranian hackers for election interference that included obtaining confidential voter information from at least one state's election website for a cyber-based disinformation campaign targeting 100,000 Americans. Earlier this week, the U.S. government warned that Iranian hackers also have been on the ransomware offensive.

To Kevin Mandia, the CEO of cybersecurity firm Mandiant, Iran's success in the hacking realm is no surprise, as the nation has been upping its cyber-offensive capabilities for years to take advantage of U.S. weaknesses.

Iran has progressed well beyond the first few stages of cyber evolution — defending its government in cyberspace and targeting its closest geographic foes, the immediate threats, which in Iran's case would include the back and forth between itself and Israel in the cyber realm.

"There was a time when we responded to Iran, their operators looked like they just got out of the classroom," Mandia said during an interview with CNBC's Eamon Javers at the CNBC Technology Executive Council Summit in New York City on Wednesday. "And we're like god, you know ... they just compressed the C drive, why not just compress what you're going to steal?"

"But that was 14 years ago," said Mandia, who has been monitoring cyber campaigns by Iran since 2008. "Come today, they're operating with efficiency, they're operating with malware that can be updated. They have a framework where they can update their malware super fast," he said. "So they can be very efficient ... leapfrogging our defenses as they learn. And that's kind of a frustration. I've seen most modern nations do have that capability ... a framework where they can update quickly. Iran does have that framework."

He said Iran is also part of a group of nation-state actors that have zero-day capabilities (referring to a disclosed vulnerability for which no official patches or security updates yet exist, even though exploitation by hackers can have severe consequences), which he described as the most frustrating of all types of cyberattacks.