Iranian drones have targeted Amazon’s largest Middle East datacenter in Bahrain for the second time in a month in part of what appears to be a planned strategy to disrupt the region’s digital economy.
According to press reports, the ME-SOUTH-1 (Bahrain) AWS site, operated by telecom company Batelco, was hit by the latest drone attack on April 1. Bahrain’s interior minister confirmed to the FT that the attack had caused a fire.
On April 2, the AWS Service Health status page for ME-SOUTH-1 stated that AWS services in Bahrain have been “impacted”, the lowest of three levels of disruption.
However, social media posts by users suggest that the site became unavailable after being attacked around 4am (9pm ET).
Iran first attacked the ME-SOUTH-1 and ME-CENTRAL-1 (United Arab Emirates) on March 1, causing major disruption to services. At the time, Amazon advised Middle East customers to shift AWS workloads to other parts of the world.
“Customers should enact their disaster recovery plans, recover from remote backups stored in other Regions, and update their applications to direct traffic away from the affected Regions,” Amazon said.
Amazon was contacted for comment on the latest Bahrain drone incident, but said it had nothing to add beyond the statement in its current advisory.
Denial of infrastructure
Doing the damage is the Shaheed 136, a small and unsophisticated drone designed to overwhelm defenders with numbers. If only one in twenty reaches its target, the price-performance still exceeds that of more expensive systems.
When aimed at critical infrastructure such as datacenters, the effect is also psychological; the threat of an attack on its own can be enough to make it difficult for organizations to continue using an at-risk facility.
Iran’s targeting of the Bahrain datacenter is unlikely to be random. Amazon opened its ME-SOUTH-1 AWS presence in 2019, and it is still believed to be the company’s largest site in the Middle East.
Earlier this week, the Islamic Revolutionary Guard Corps (IRGC) Telegram channel explicitly threatened to target at least 18 US companies operating in the region, including Microsoft, Google, Nvidia, and Apple. This follows similar threats to an even longer list of US companies made on the IRGC-affiliated Tasnim News Agency in recent weeks.
That strategy doesn’t bode well for US companies that have made large investments in Middle Eastern datacenter infrastructure in recent years, drawn by the growing wealth and influence of countries in the region. This includes Amazon, which has announced plans to build a $5.3 billion datacenter in Saudi Arabia, due to become available in 2026. If this is now under threat, whether by warfare or the hypothetical possibility of attack, that will create uncertainty.
According to Chris Grove, director of cybersecurity strategy at operational technology (OT) security company Nozomi Networks, targeting datacenters is an efficient way to cause numerous cascading problems.
“By targeting a data center, they are essentially attacking the digital infrastructure which provides an operational backbone for all of those sectors at once,” he said. “Data centers are also only built to withstand natural disasters, not military-grade attacks, making them particularly vulnerable to kinetic warfare.”
Sovereign cloud a ‘double-edged sword’
For Michael Reid, CEO of cloud connectivity company Megaport, the attacks raise deeper questions.
“The sovereign cloud is a double-edged sword that no one quite saw coming until this war,” said Reid. “While the appeal of a sovereign cloud is data residency and security, its relatively geographically siloed nature also creates vulnerabilities which are on display now.”
Enterprises should ensure they could move to a secondary cloud if the need arose, he advised. “Without a secondary cloud in place and the necessary capacity to connect to it, when disaster hits, IT teams will be left with no backup option.”