US Homeland Security warns of escalating Iranian cyberattack risks

The U.S. Department of Homeland Security (DHS) warned over the weekend of escalating cyberattack risks by Iran-backed hacking groups and pro-Iranian hacktivists.

This warning was issued as a National Terrorism Advisory System bulletin on Sunday and cautions that the Iranian conflict is causing a “heightened threat environment” in the United States, with “low-level” cyberattacks targeting networks in the U.S. likely.

“The likelihood of violent extremists in the Homeland independently mobilizing to violence in response to the conflict would likely increase if Iranian leadership issued a religious ruling calling for retaliatory violence against targets in the Homeland,” the advisory reads.

“Multiple recent Homeland terrorist attacks have been motivated by anti-Semitic or anti-Israel sentiment, and the ongoing Israel-Iran conflict could contribute to US-based individuals plotting additional attacks.”

In its Sunday bulletin, the DHS also cautioned about previous cyberattacks coordinated by both hacktivists and Iranian government-affiliated hackers that have previously targeted poorly secured U.S. networks.

In October, authorities in the U.S., Canada, and Australia also cautioned that Iranian hackers are acting as initial access brokers and breaching organizations in the healthcare, government, information technology, engineering, and energy sectors in brute-force, password spraying, and multifactor authentication (MFA) fatigue (or push bombing) attacks.

In a separate August advisory, CISA, the FBI, and the Defense Department’s Cyber Crime Center (DC3) also warned of an Iranian-based threat group tracked as Br0k3r (or Pioneer Kitten, Fox Kitten, UNC757, Parisite, RUBIDIUM, and Lemon Sandstorm).

Br0k3r is believed to be state-sponsored and involved in selling initial access to breached networks to ransomware affiliates for a share of the profits obtained from ransomware payments.

While the DHS didn’t mention it in the NTAS bulletin, the warning was likely promoted by the United States attacks on the Fordow, Natanz, and Isfahan key Iranian nuclear facilities on Saturday, just over a week after Israel also hit multiple Iranian nuclear and military targets on June 13.

Iran’s Foreign Minister Abbas Araghchi responded to the attack, warning of “everlasting consequences” and saying, “Iran reserves all options to defend its sovereignty, interest, and people.”