Iranian cyber threat groups are expected to increase their attacks on the United States following President Donald Trump's decision to launch air strikes on Iran.
After the United States bombed three major nuclear facilities in Iran, the Iranian government promised to retaliate.
The Department of Homeland Security issued a bulletin on Sunday through the National Terrorism Advisory System, warning that Iran has publicly condemned the United States for its involvement and may respond in different ways.
While Iran could carry out physical attacks within the U.S., state-backed hackers and pro-Iranian hacktivists are also likely to escalate their cyberattacks in reaction to recent events.
According to the DHS, the conflict with Iran has created a higher threat level across the United States. The agency said that low-level cyberattacks by pro-Iranian hacktivists are expected, and cyber actors linked to the Iranian government may attempt more serious attacks on U.S. networks.
John Hultquist, chief analyst at Google's Threat Intelligence Group, said in an email that the chances of Iranian hackers launching disruptive cyberattacks have increased. He explained that many of Iran’s past cyber operations focused on Israel, particularly after the October 2023 conflict involving Hamas. These incidents offer insight into both the capabilities and limits of Iranian threat groups.
Hultquist stated that Iran often exaggerates the effects of its attacks to create psychological fear, even when the actual impact is limited. He cautioned against overestimating these events, although he acknowledged that individual organizations could still experience serious consequences. He advised that the same protective steps used to defend against ransomware could help reduce risk.
He also noted that Iran frequently targets the United States with cyberespionage, using it to gather geopolitical intelligence and monitor individuals involved in shaping Iran policy. These individuals are often targeted through both personal and work-related accounts and should remain alert to phishing and social engineering tactics.
In addition, Iranian cyber espionage often targets companies in sectors like telecommunications, airlines, and hospitality. These industries hold data that can help Iranian operatives identify and track people of interest.
Cybersecurity researchers have monitored Iranian activities online for years. Some of the attacks have appeared unsophisticated, such as attempts to access industrial control systems, while others have been more advanced.
Examples include phishing attacks on political campaigns and brute-force attempts aimed at critical infrastructure. Researchers have also documented sophisticated malware used for intelligence gathering, as well as innovative delivery techniques.
One Iranian state-sponsored group, CyberAv3ngers, pretends to be a hacktivist organization and has developed malware known as IOCONTROL. This tool has been used to target Internet of Things and operational technology devices in both the United States and Israel.
To help organizations defend against these threats, the U.S. Cybersecurity and Infrastructure Security Agency provides detailed resources about Iranian cyber activities, along with recommendations for detection and protection.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
