US officials are alerting businesses to prepare for possible cyberattacks from Iran following recent American airstrikes on Iranian nuclear sites. Experts believe that while the response from hackers might be limited, it is still a serious concern.
The Department of Homeland Security (DHS) issued a bulletin stating that Iranian hackers often target American technology. Although they have not identified any specific threats, the bulletin noted that low-level cyberattacks from pro-Iranian hacktivists are likely. Additionally, cyber actors linked to the Iranian government may also launch attacks against US networks. The bulletin also mentioned potential retaliatory violence from extremists within the US.
In the past, Iranian hackers have targeted various sectors, including banks, oil companies, and even US elections. A 2024 threat assessment from US intelligence highlighted Iran’s willingness to use cyberattacks against adversaries, including Israel, which has stronger cyber capabilities.
Following the US strikes, Iran’s top military general indicated that the country now has a free hand for retaliatory measures. However, experts like John Hultquist from Google’s Threat Intelligence Group warn against overestimating Iran’s capabilities. He noted that Iran often exaggerates its cyber abilities for psychological impact. He emphasized that the potential impacts could still be serious for individual businesses, which should take steps to protect themselves, similar to measures taken against ransomware.
On June 13, the IT Information Sharing and Analysis Center (IT-ISAC) urged American companies to strengthen their cyber defenses. They advised businesses to assess their cyber preparedness and enhance their defenses in anticipation of possible disruptive attacks.
Gil Messing from Check Point Software Technologies echoed this sentiment, stating that while Iran is likely to conduct cyberattacks, it often inflates the extent of the damage caused. The primary goal of these attacks appears to be intimidation and spreading disinformation.
US officials have previously accused Iran’s Islamic Revolutionary Guard Corps of using front companies to coordinate hacking campaigns. Last year, the Justice Department charged four individuals for targeting American companies and government bodies with phishing and malware attacks. The Treasury Department also imposed sanctions on two companies linked to these activities.
Historically, Iranian hackers have executed significant cyberattacks, including distributed-denial-of-service attacks against major US banks in 2011 and 2012. They also made headlines for attempting to breach the computer systems of a dam in New York, although the attack did not succeed in taking control of the dam.
In 2020, Iranian hackers were implicated in attempts to interfere with US elections, including sending threatening emails to voters and spreading disinformation. More recently, US intelligence agencies blamed Iran for hacking into the campaign of then-presidential candidate Donald Trump.
Before the recent US airstrikes, tensions between Israel and Iran had already spilled into the cyber realm, with pro-Israeli groups claiming responsibility for various attacks against Iranian targets. Meanwhile, Iran imposed a nationwide internet blackout, citing the need to protect against potential Israeli cyberattacks.
As the situation unfolds, US businesses are advised to remain vigilant and proactive in their cybersecurity efforts.