DHS warns of heightened cyber threat as US enters Iran conflict
The Department of Homeland Security warned Sunday of a higher risk of malicious cyber activity from Iran following the direct U.S. military intervention in Israel’s conflict with Iran.
Hours after the U.S. bombed key Iranian nuclear facilities, DHS released a bulletin warning that Tehran’s operatives and sympathetic hacktivists would likely conduct low-level cyberattacks against U.S. networks in retaliation.
The bulletin also warned of a heightened risk to the personal safety of U.S. government officials and critics of the Iranian regime, as well as an increased risk of antisemitic violence.
Both Iran-linked threat actors and hacktivist groups supporting the regime have frequently targeted poorly secured critical infrastructure sites in recent years, including water utilities, food businesses and technology companies.
National security experts and cybersecurity researchers echoed concerns that the Iran conflict could quickly spill over into cyberspace.
“In light of recent developments, the likelihood of disruptive cyberattacks against U.S. targets by Iranian actors has increased,” John Hultquist, chief analyst at Google Threat Intelligence Group, said in a statement.
Hultquist noted that Iran has primarily focused these attacks on Israel, particularly after Hamas’ Oct. 7, 2023, attacks. Hultquist said Iran has seen mixed results with these attacks and often exaggerates the effects of its operations for maximum psychological impact.
Annie Fixler, director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies, said her organization has “already seen a significant uptick in Iranian hacktivist activity and pro-Iranian cyberattacks and propaganda and psychological operations.”
Approximately three dozen pro-Iranian groups have launched cyberattacks against Israeli government, military and infrastructure targets since the conflict began around June 12, according to a report from CloudSek. The operations ranged from DDoS attacks to data leaks and website defacement.
DHS and FBI officials briefed state governors and other local officials Sunday on the heightened threat environment. Governors from multiple states, including Missouri and Arizona, posted about the briefing on X and called on local officials to remain vigilant.
“Secretary Noem has spoken with Governors nationwide, as well as state and local law enforcement to ensure our partners at every level of government have the information they need to keep their communities safe,” Assistant Secretary Tricia McLaughlin told Cybersecurity Dive via email. “It is our duty to keep the nation safe and informed, especially during times of conflict.”
Hackers linked to the Iranian Revolutionary Guard Corps have previously targeted water utilities and other U.S. sites that were poorly configured with weak passwords and exposed to the internet. The Environmental Protection Agency has worked with utilities to help them secure their systems.
Security researchers warned last week to expect an uptick in threat activity linked to the conflict, which began when Israel bombed Iranian targets including military facilities and the homes of key nuclear scientists.
The Information Technology Information Sharing and Analysis Center and the Food and Agriculture Information Sharing and Analysis Center previously warned about the threat of increased cyber activity.