US Homeland Security warns of escalating Iranian cyberattack risks

June 25, 2025

This past week, tensions between the United States and Iran have escalated into full-scale conflict as the United States and Israel conducted air strikes against Iran’s nuclear testing facilities. As a consequence, the cyberwar that has been ongoing between these nations is considered likely to escalate, and the United States Department of Homeland Security has issued an advisory regarding the potential consequences. The advisory, a bulletin from the National Terrorism Advisory System, gives a broad summary of the cybersecurity threat posed by Iran to the United States. This threat generally falls into two broad categories: independent hacktivists and government-affiliated threat actors.

Ever since the death of an Iranian military commander in January 2020, for which the Islamic Republic holds the US responsible, cyberattacks by Iran against the US have been common. Prior to this conflict, it was already well known that hacktivists and state actors routinely target poorly secured US networks and internet-connected devices for disruptive cyberattacks. According to the bulletin, US law enforcement has already disrupted multiple potentially lethal Iranian-backed plots in the United States since 2020, although specific incidents are not named. Israel and the United States have, of course, also engaged in cyberwarfare against Iran, which may account for the near-total internet blackout the Islamic Republic has inflicted upon itself, supposedly as a protection against cyberattacks.

Apart from Iran itself, the United States is concerned about Iranian leadership issuing a religious ruling calling for retaliatory violence. Religiously motivated third parties have already been responsible for multiple terrorist attacks in the United States in recent months, and the same motivations can easily encourage hacktivism. Since the start of the conflict, multiple foreign terrorist organizations, including HAMAS, the Houthis, and the Popular Front for the Liberation of Palestine, among others, have called for violence against US assets and personnel. These organizations are also likely to be affiliated with hacktivists, who could conduct attacks of their own. At this point, it is difficult to say what they would target, but critical infrastructure assets such as water treatment facilities are known to have been targeted in the past, and their operators should therefore exercise extreme caution.
