US Homeland Security warns of escalating Iranian cyberattack risks
This past week, tensions between the United States and Iran have escalated into full-scale conflict as the United States and Israel conducted air strikes against Iran’s nuclear testing facilities. As a consequence, the cyberwar that has been ongoing between these nations is considered likely to escalate, and the United States Department of Homeland Security has issued an advisory regarding the potential consequences. The advisory, a bulletin from the National Terrorism Advisory System, gives a broad summary of the cybersecurity threat posed by Iran to the United States. This threat generally falls into two broad categories: independent hacktivists and government-affiliated threat actors.
Ever since the death of an Iranian military commander in January 2020, for which the Islamic Republic holds the US responsible, cyberattacks by Iran against the US have been common. Prior to this conflict, it was already well known that hacktivists and state actors routinely target poorly secured US networks and internet-connected devices for disruptive cyberattacks. According to the bulletin, US law enforcement has already disrupted multiple potentially lethal Iranian-backed plots in the United States since 2020, although specific incidents are not named. Israel and the United States have of course also engaged in cyberwarfare against Iran, which may account for the near-total internet blackout the Islamic Republic has inflicted upon itself, supposedly as a protection against cyberattacks.
Apart from Iran itself, the United States is concerned about Iranian leadership issuing a religious ruling calling for retaliatory violence. Religiously motivated third parties have already been responsible for multiple terrorist attacks in the United States in recent months, and the same motivations can easily encourage hacktivism. Since the start of the conflict, multiple foreign terrorist organizations, including HAMAS, the Houthis, and the Popular Front for the Liberation of Palestine, among others, have called for violence against US assets and personnel. These organizations are also likely to be affiliated with hacktivists, who could conduct attacks of their own. At this point, it is difficult to predict what they would target, but critical infrastructure assets such as water treatment facilities are known to have been targeted in the past, so their operators should exercise extreme caution.