Is the Taliban a Cyber Threat to the West?

Taliban Cyber Capabilities

Two decades ago, the U.S. and its allies invaded Afghanistan as retribution for the 9/11 terrorist attacks carried out by the al-Qaeda terror group. The Taliban, who had harbored al-Qaeda in Afghanistan, was forced out of government. Now, 20 years later, the U.S. has left Afghanistan, and the Taliban has returned. U.S. Defense Secretary Lloyd Austin warned this week that the al-Qaeda extremist group may attempt to regenerate in Afghanistan following the botched American withdrawal that allowed the Taliban to regain control of the country.

But the world has changed in the last 20 years. Most notably, technological advances mean that acts of terror no longer need to be kinetic. Cyberattacks against critical infrastructure can potentially do more harm than the 9/11 attacks. While there are uneasy and unofficial norms of acceptable behavior between the West, Russia and China, no such norms apply to the ‘rogue’ states ‒ most notably North Korea and Iran.

And now, perhaps, Afghanistan. We need to consider whether the Taliban is, or will become, a notable cyber threat to the West.

Does the Taliban pose a cyber threat?

The Taliban is not currently a cyber threat. There are two primary reasons. Firstly, aggressive international behavior is not high on its list of priorities. “They must stabilize their own country and establish a level of governance, security and ‘normality’ and consolidate their position as de facto rulers of Afghanistan, albeit through means unpalatable to international observers,” Brian Lord, CEO of cyber security and business intelligence firm Protection Group International (PGI), told SecurityWeek.

This may not be as easy as we believe. Russia tried and failed to control Afghanistan. The U.S. and its allies tried and failed. Why should we assume that the Taliban will automatically be successful? “In a few weeks, we will see how the power struggle that will erupt between stronger tribal leaders and the Taliban is affecting the country,” commented Dirk Schrader, global VP of security research at New Net Technologies (NNT), now part of Netwrix. “For sure it will be a constant source of unrest in parts of Afghanistan.”

There are areas of the country not under Taliban control, while ISIS ‒ an enemy of the Taliban that has killed both Taliban and al-Qaeda people in Afghanistan ‒ is still able to conduct operations in Kabul. Intelligence firm Flashpoint reported, “The ‘Khorasan’ branch of ISIS [the ‘K’ in ISIS-K] remains very active. It has claimed responsibility for at least 105 military operations inside Afghanistan since May 1, 2021.”

Nevertheless, the Taliban is and will remain the dominant power and ‘government’ within Afghanistan. “It must present,” continued Lord, “a position that is internationally non-threatening, at least until the international attention has tired of wailing and hand wringing about Afghanistan’s fate and has turned its attention to newer problems and challenges. They have waited patiently for 20 years; another few will do no harm. They are there for the long-term.”

Religious backgrounder

The Muslim world primarily comprises 70% Sunnis and 30% Shi’ites. The Shi’ites dominate in Iran, Iraq, Azerbaijan, and the Zaydism sect of Houthis in Yemen, and there is a sizable population in Pakistan. The Taliban is an ultra-conservative Deobandi Sunni sect. It first emerged in 1876 in colonial India with the aim of revitalizing Islam based on strict conformance with Sharia law. From its origins, it has no love for any form of western imperialism. Sunnis and Shi’ites are not natural allies, but recent history has shown they can work together in the face of a perceived common enemy.

The second reason for the lack of any realistic current cyber threat from the Taliban is the group simply does not have the capability. “Currently,” Evan Kohlmann, CEO at Flashpoint, told SecurityWeek, “the Taliban’s primary existence in cyberspace comprises a few Telegram channels, and a few websites with RSS feeds where they’re putting out their propaganda. As far as we can tell, they are no more sophisticated than that. They’re not sophisticated enough to get into the more aggressive operations that we see from even small rogue states like North Korea.”

The future

Things change. Right now, the Taliban is in a tight spot. It is on the outside looking in. Without access to international banking and confronting the probability of international sanctions, it is faced with an economic crisis. All it can do is look for help and support from other nations in a similar position.

Geopolitical backgrounder

Afghanistan is not without natural resources. It has lithium, necessary for high tech batteries. It has copper, used in energy production. It has precious gems, that can easily bypass sanctions on the black market. It has borders with three more advanced nations: Iran, China and Pakistan. Pakistan will defer to China in its relationship with Afghanistan, and China will wish to include Afghanistan within its international area of influence. But the Taliban is far closer to Iran in language and culture. The greatest likelihood is that the Taliban will court a relationship with Iran, but with the added probability of Chinese influence.


“The Iranian/Taliban relationship is not good,” comments Kohlmann; “but as far as we can tell right now, the Taliban is going out of its way to meet with Iran and assure the Iranians they will protect the Shi’ites in western Afghanistan from ISIS.” In exchange, Iran could provide support in terms of food, money, weapons and oil. 

Furthermore, Iran’s Islamic Revolutionary Guard Corps (IRGC) has a history of providing cyber expertise, training, and resources to some of the groups it is encouraging, such as the Houthis in Yemen. “It is conceivable that the IRGC will provide expertise and training to the Taliban in both cyber and other areas,” he adds. “I would say that’s where any future Taliban cyber capability will develop from.”

CISO Forum - Virtual Event

A safe haven

It is also worth noting that Iran has a history of operating its foreign policy through proxies, such as Hezbollah and the Houthis. A cyber active Taliban might be an attractive possibility, supported by the probability that Afghanistan will become a safe haven for international cyber-criminal groups over the next few years.

Cyber criminals like to operate from locations where they are tolerated by the government; where law enforcement turns a blind eye so long as the focus of the activity is directed elsewhere in the world; where law enforcement has no incentive for international collaboration with other law enforcement agencies; and where there is no existing meaningful legislation such as the Computer Fraud and Abuse Act (CFAA) in the U.S. or the Computer Misuse Act (CMA) in the UK. 

“Afghanistan under the Taliban ticks pretty much all those boxes,” says Lord. “As its infrastructure grows more robust (and China may be instrumental here) it will become a magnet for Organized Crime Groups (OCGs) seeking a safe center of operations from which to conduct what they do with impunity. The ‘safe haven’ will certainly become a characteristic of Afghanistan in the cyber world.”

He does not believe the rest of the world can or will do much to prevent this. “Given we are looking at a few decades of neuralgia about getting national hands trapped in the Afghanistan mangle—the Taliban facilitating online criminality will fall way below the threshold of anything other than some angry voices. And let’s not mistake the Taliban’s ultra-conservative religious demeanor for being averse to such things. They exported opium to the West happily for years – online criminality will be well within tolerance.”


And then there’s China. Within a week of the Taliban regaining power, Lord points out that China has already leant forward to engage with the new government. “China will take the lead in flooding Afghanistan with Chinese technology and telecoms infrastructure under one of their long-term economic arrangements. There is no doubt that Afghanistan will become another piece in the jigsaw of Chinese technology proliferation. The Taliban will accept it out of an economic necessity, and they will, in turn, be able to adopt the type of oppressive international national surveillance techniques and impose the type of technology access control already established in China.”

Misinformation and disinformation

Furthermore, suggests Lord, the West needs to avoid being fooled by the Taliban. “The Taliban will need to control (and confuse) the international narrative. They are good at this. They will hit social media, media channels, and the wider internet with a flood of confusing information, misinformation, disinformation, bluff, double bluff and triple bluff. They will need to do this to create sufficient space to consolidate their position of strength while exercising the type of human rights abuses they are known for.” 

The West, he says, will need to develop the ability to unpick this narrative, to arrive at the truth and provide clarity on what is happening within Afghanistan. “That remains the key for the world to have continued visibility of the Taliban regime. To my mind, large-scale manipulation of information is a ‘cyber threat’ – even if not a ‘cyberattack’.”

With infrastructure provided by China and cyber expertise from the IRGC ‒ not to mention locally operating cyber-criminal gangs that could be hired ‒ added to an inherent animosity toward the West, Afghanistan will have everything necessary to evolve into a new international cyber threat. 

“The parallels to be drawn,” says Schrader, “are those with North Korea and Iran, where access to information, the censored use of the open Internet, the monitoring of communication (if available at all) is part of the daily life.”

The future has a history of confounding predictions. But while the Taliban provides no immediate cybersecurity threat, there is ample potential for it to develop into a major threat on a par with North Korea over the next three to five years.

Related: Line Between Nation-State, Criminal Hackers Increasingly Blurred: Report

Related: ‘World’s Leading Bank Robbers’: North Korea’s Hacker Army

Related: Leaked Files From Offensive Cyber Unit Show Iran’s Interest in Targeting ICS

Related: The United States and China – A Different Kind of Cyberwar

view counter

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Previous Columns by Kevin Townsend:

Don't forget to share

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *