Iran-linked hackers may be targeting US companies and operators of critical infrastructure, particularly defense organizations with stakes or ties to Israeli research and defense firms, according to a warning from US government officials cited by "Reuters".
A joint statement from the FBI, the National Security Agency (NSA), the Defense Department's Cybercrime Center (DC3) and the Cybersecurity and Infrastructure Security Agency (CISA) stressed that despite the lack of evidence of a coordinated campaign, the threat remains. The agencies are urging all organizations to ensure their systems are up to date and secure.
"Despite the ceasefire and ongoing negotiations for a long-term solution, Iran-related hackers and cyber-activists may continue to engage in hostile activity," the agencies said in the advisory.
Following the Israeli offensive on June 13 and the subsequent US strikes on Iranian nuclear sites on June 22, US and Israeli researchers have observed limited but significant cyber-activity from Iran.
According to US agencies, Iranian state-sponsored hackers often exploit vulnerabilities in outdated or outdated software, as well as weak or factory passwords to access connected devices. They also collaborate with ransomware attack groups to encrypt, steal, or leak sensitive information.
A case in point is a November 2023 incident in which hackers believed to be affiliated with the Iranian Revolutionary Guard compromised water and wastewater treatment facilities in several states. The attacks targeted Israeli-made equipment and occurred shortly after Hamas attacks on Israel in October of that year.