Question to the Foreign, Commonwealth & Development Office:

To ask the Secretary of State for Foreign, Commonwealth and Development Affairs, what lessons his Department has learnt from countering malicious Iranian cyber activity; and what discussions he has had with his (a) Middle Eastern and (b) international counterparts on this matter.

The National Cyber Security Centre (NCSC) assesses that Iran-based threat actors remain aggressive in cyberspace and continue to achieve their objectives through less sophisticated cyber techniques (including prolific use of spear-phishing), but also targeting industrial control systems.

The NCSC continues to work closely with government, industry and international partners to understand and mitigate the cyber threat from Iran. This includes the activities of the Islamic Revolutionary Guard Corps. In September 2024, the UK and the US jointly issued a Technical Advisory focusing on attackers working on behalf of Iran's Islamic Revolutionary Guard Corps use social engineering to gain access to victims' online accounts. This Advisory provided network defenders with information to help mitigate these threats.

Foreign, Commonwealth and Development Office ministers and officials raise the UK's concerns about the cyber threat regularly with their international counterparts, including the activities of particular states where appropriate. The UK works with international partners to ensure the perpetrators of malicious cyber activity are held to account, and will continue to expose and take action against such groups to make it clear that irresponsible behaviour in cyberspace will have serious consequences.