Iran-linked hackers may target U.S. firms and critical infrastructure, U.S. government warns

Iranian-affiliated hackers may target U.S. companies and critical infrastructure operators, particularly defense organizations with holdings or relationships with Israeli research and defense firms, according to an advisory from U.S. government officials Monday.

The FBI, National Security Agency, the Department of Defense Cyber Crime Center (DC3) and the Department of Homeland Security’s civilian cybersecurity defense wing said in a statement issued alongside the advisory that while there are no indications of a coordinated Iranian-linked malicious cyber campaign so far, organizations should ensure their defenses are up to date.

“Despite a declared ceasefire and ongoing negotiations towards a permanent solution, Iranian-affiliated cyber actors and hacktivist groups may still conduct malicious cyber activity,” the agencies said in the advisory.

Cybersecurity researchers and defenders in Israel and the U.S. have so far seen little Iranian-linked cyber activity of consequence in the wake of the war launched by Israel June 13, followed by U.S. strikes on Iranian nuclear facilities June 22.

Iranian state-sponsored hackers are known to exploit existing vulnerabilities in unpatched or outdated software and compromise internet-connected accounts and devices that use default or weak passwords, as well as work with ransomware operators to encrypt, steal and leak sensitive information, the agencies said Monday.

In November 2023, hackers said by the U.S. government to be affiliated with the Iranian Revolutionary Guards hacked equipment located in water and wastewater treatment systems in multiple states. The attacks targeted an Israeli-made device and came shortly after the October 2023 Hamas attacks on Israel.

(Reporting by AJ Vicens in Detroit; Editing by Chizu Nomiyama)