CISA and U.S. Agencies warn of ongoing Iranian cyber threats to critical infrastructure
U.S. warns of rising Iranian cyber threats exploiting outdated software and weak passwords, with attacks likely to escalate due to recent events.
U.S. cybersecurity and intelligence agencies warn of rising cyber threats from Iranian state-linked hackers, which they expect to escalate. These actors typically exploit outdated software, known vulnerabilities, and weak or default passwords on internet-connected systems.
“The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA) (hereafter referred to as the authoring agencies) strongly urge organizations to remain vigilant for potential targeted cyber activity against U.S. critical infrastructure and other U.S. entities by Iranian-affiliated cyber actors,” reads the joint advisory. “Despite a declared ceasefire and ongoing negotiations towards a permanent solution, Iranian-affiliated cyber actors and hacktivist groups may still conduct malicious cyber activity. The authoring agencies are continuing to monitor the situation and will release pertinent cyber threat and cyber defense information as it becomes available.”
Although no coordinated Iranian cyber campaign has been detected in the U.S. so far, CISA, FBI, DC3, and NSA urge critical infrastructure operators to act. They recommend disconnecting OT and industrial control systems from the internet, using strong passwords, applying software updates, and enabling phishing-resistant multifactor authentication to strengthen defenses.
Iranian-aligned hacktivists have ramped up website defacements and data leaks and are likely to escalate DDoS and ransomware attacks targeting U.S. and Israeli entities.
Between Nov 2023 and Jan 2024, IRGC-linked hackers targeted Israeli-made industrial systems, affecting U.S. sectors like water, energy, and healthcare. They exploited internet-exposed ICSs with weak or default credentials. Their campaign included hack-and-leak ops tied to Gaza protests, aiming to damage reputations, steal data, and erode trust in cybersecurity. Even a U.S. IPTV firm was among the victims.
The Iran conflict raises cyber threat levels in the U.S., with likely low-level attacks by pro-Iranian hacktivists and possible state-linked cyber activity. Following U.S. strikes on Iranian nuclear sites, President Trump called the attacks a success and warned of more if Iran resists peace.
“The ongoing Iran conflict is causing a heightened threat environment in the United States,” reads the advisory published by US DHS. “Low-level cyber attacks against US networks by pro-Iranian hacktivists are likely, and cyber actors affiliated with the Iranian government may conduct attacks against US networks.”
The 2025 Iran-Israel war has sparked intense cyber conflict, with hacktivist groups from both sides launching digital attacks against one another.
Last week, the US DHS warned that Iran remains committed to targeting U.S. officials linked to the 2020 death of a military commander. The Israel-Iran conflict may fuel extremist violence in the U.S., especially if Iranian leaders issue a religious call for retaliation. Recent U.S. attacks tied to anti-Semitic views suggest the threat of more homeland plots is rising.
“Iran also has a long-standing commitment to target US Government officials it views as responsible for the death of an Iranian military commander killed in January 2020. The likelihood of violent extremists in the Homeland independently mobilizing to violence in response to the conflict would likely increase if Iranian leadership issued a religious ruling calling for retaliatory violence against targets in the Homeland,” continues the advisory. “Multiple recent Homeland terrorist attacks have been motivated by anti-Semitic or anti-Israel sentiment, and the ongoing Israel-Iran conflict could contribute to US-based individuals plotting additional attacks.”
In January 2020, the U.S. Department of Homeland Security (DHS) issued other warnings about the possibility of cyber-attacks launched by Iranian threat actors. The attacks could have been Tehran's response to the killing of Maj. Gen. Qassim Soleimani in a U.S. drone airstrike at the Baghdad airport in Iraq.
The order to kill Soleimani was issued by President Trump, who said Soleimani was planning an “imminent” attack on US personnel in Baghdad.
Christopher C. Krebs, who was the Director of the Cybersecurity and Infrastructure Security Agency (CISA) at the time, warned of a potential new wave of cyber attacks carried out by Iran-linked hacker groups targeting U.S. assets.
Krebs warned operators of critical infrastructure to remain vigilant because the risk of cyber attacks was increasing hour by hour.
The DHS issued a new National Terrorism Advisory System bulletin. The DHS added that Iran has cyber capabilities to carry out attacks against US infrastructure, and it also warned that Iran can conduct operations in the United States.
Pierluigi Paganini
(SecurityAffairs – hacking, Iranian cyber threats)