US officials are warning businesses to brace for potential Iranian cyberattacks following American airstrikes on the country’s nuclear sites, an event that experts say could draw a relatively small response from hackers.
A bulletin from the Department of Homeland Security warned that Iranian hackers routinely target American technology, and that such activity is poised to occur after the US military operation. The message said that DHS hadn’t identified any specific imminent threat.
“Low-level cyberattacks against US networks by pro-Iranian hacktivists are likely, and cyber actors affiliated with the Iranian government may conduct attacks against US networks,” according to the bulletin issued Sunday. It also warned of potential retaliatory violence from extremists in the US.
Iranian hackers have been accused in recent years of targeting banks, a Saudi oil company and US elections. The country has repeatedly shown a willingness to use cyberattacks against adversaries with stronger cyber capabilities than itself, including Israel, according to a 2024 threat assessment by US intelligence.
Iran’s top military general on Monday said that the American strikes on its nuclear sites had given Iran a free hand for retaliatory measures.
Still, while Iranian cyberattacks could disrupt specific targets, John Hultquist, chief analyst at Google’s Threat Intelligence Group, warned that the country frequently fabricates or exaggerates its capabilities “in an effort to boost their psychological impact.”
“We should be careful not to overestimate these incidents and inadvertently assist the actors,” he said. “The impacts may still be very serious for individual enterprises, which can prepare by taking many of the same steps they would to prevent ransomware.”
Anticipating a new wave of Iranian hacks, a leading US cybersecurity organization warned American businesses on June 13 to shore up defenses. The IT Information Sharing and Analysis Center, or IT-ISAC, said in a statement that Iranian state-sponsored actors had previously launched attacks against US organizations during periods of heightened conflict.
As such, companies should “take immediate steps to proactively assess their cyber preparedness, enhance their defenses, and prepare for a range of cyber activity, some of which could potentially be disruptive,” the organization said in a statement.
Gil Messing, chief of staff at Israeli cybersecurity firm Check Point Software Technologies Ltd, said that Iran is likely to carry out such attacks, but often makes overblown claims about their damage. Its strategy, Messing said, was aimedprimarily at intimidation and disseminating disinformation.
US officials have accused Iran’s Islamic Revolutionary Guard Corps of using front companies to coordinate some hacking campaigns. The Justice Department last year charged four people for allegedly targeting more than a dozen American companies, primarily defense contractors, and government bodies with phishing and malware attacks. The Treasury Department also sanctioned two companies in connection with that activity.
In late 2011 and early 2012, Iranian hackers allegedly pulled off a series of powerful distributed-denial-of-service attacks that disrupted and disabled the websites of some of the US’s top banks and prevented their customers from accessing online accounts.
The next year, a hacker allegedly broke into the computer systems for a dam in Rye, New York. The intruder wasn’t able to take control of the dam because its sluice gate had been manually disconnected. Nonetheless, one US official called it “a frightening new frontier in cybercrime.”
In 2020, Iranian hackers were accused of trying to meddle in US elections, attempting to obtain voter information, sending threatening emails to voters and spreading disinformation online. Last year, US intelligence agencies blamed Iran for a hack of then-US presidential candidate Donald Trump’s campaign.
Prior to the US bombings in Iran, the conflict between Israel and Iran had already spilled into the cyber domain. Pro-Israeli groups have claimed responsibility for a number of cyberattacks against Iranian targets, including a major bank, but the impact has so far proven minimal, experts said.
Iran, meanwhile, imposed a nationwide internet and telephone blackout, telling civilians it was necessary to prevent Israeli cyberattacks, which were said to include banks and crypto exchanges.
Photo: Photographer: Chris Ratcliffe/Bloomberg
Topics USA
Was this article valuable?
Here are more articles you may enjoy.
Perelman at $410 Million Art Trial Says Fire Faded His Works 
Air India Crash Seen Triggering $475 Million in Insurance Claims 
Carnival Cruise Lines Not Liable for Teen’s Sexual Assault on Ship, Appeals Court Finds 
Viewpoint: Certificates of Insurance…Or How I Got a Job in the Prison Laundry 
