Ratings agencies warn that the U.S. and Israeli bombing campaign against Iran could raise the level of cyber risk for U.S. public finance issuers.
Fitch Ratings, in a report released Monday, warned that hacktivists, state-sponsored groups and lone wolf actors could use cyber to target critical infrastructure and U.S. public entities in reaction to the war.
“So that’s the challenge I think we’re seeing now, because, historically, municipal and local entities have not benefited from the same robust investment in cybersecurity,” Omid Rahmani, director, US Public Finance at Fitch Ratings, told Cybersecurity Dive.
Fitch Ratings warned the threat could range from distributed denial-of-service hacks to financially motivated attacks and other attempts to disrupt operations of these entities. They warned that attacks on critical infrastructure providers such as power companies or water utilities could lead to downstream impacts.
“Heightened geopolitical tensions involving Iran increase the risk of retaliatory cyber activity, particularly against organizations linked to the U.S., Israel and allies as past incidents have shown,” said Leroy Terrelonge, cyber risk senior credit officer at Moody’s Ratings.
The technical capabilities of these actors vary widely. Terrelonge noted that previous ransomware and data wiping attacks have been particularly impactful from a ratings standpoint because of their ability to degrade critical services and weaken the trust relationship with customers.
He also warned that insurance companies could potentially challenge coverage policies due to war exclusions language that limits payouts in the event an attack is related to a military conflict. That could potentially mean the cost of such attacks could fall directly onto corporate balance sheets.
A March 4 report from CyberCube shows that 12% of large U.S. firms with annual revenue of more than $1 billion are the most vulnerable to Iran-linked attacks. The firms span seven critical infrastructure categories and include 28 health organizations and 13 energy and utility companies.
U.S. officials have previously raised concerns about the risk of malicious attacks linked to Iran. The Islamic Revolutionary Guard Corps was linked to a series of attacks targeting water utilities in the U.S. dating back to 2023.
Iran-linked attackers were able to exploit flaws in Unitronics programmable logic controllers, which have been widely used by water utilities and other critical sectors.
In June 2025, the FBI and the Cybersecurity and Infrastructure Security Agency warned that Iran-linked actors may target vulnerable U.S. networks. The warnings were linked to the 12-day war launched by the U.S. and Israel to degrade the suspected nuclear weapons program in Iran.
The current bombing campaign, which began Feb. 28, has led to heightened threats from pro-Iran and some pro-Russian hacktivists. Already security researchers have warned of exploitation attempts targeting critical infrastructure, including ICS systems in Israel and surveillance cameras in Persian Gulf countries.
A state-backed actor tracked as MuddyWater has been prepositioned on multiple U.S. networks in the weeks leading up to the bombing campaign.
