US government agencies have issued a warning to critical infrastructure organisations about the potential for cyberattacks by Iranian-affiliated threat actors targeting US devices and networks in the near future.
The joint advisory, published by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Department of Defence Cyber Crime Centre (DC3), and the National Security Agency (NSA), included guidance for organisations on how to prepare.
Officials clarified that they have not “seen indications of a coordinated campaign of malicious cyber activity in the US that can be attributed to Iran,” but nonetheless urged organisations to remain alert and informed.
US officials have remained alert to the risk of digital retaliation from Iran following a US-Israeli strike on Iranian nuclear facilities on 22 June.
The conflict between Israel and Iran over Tehran’s nuclear ambitions escalated on 13 June, when Israel launched a surprise attack on dozens of Iranian nuclear and military targets. President Trump has also pushed for Iran to abandon its nuclear programme, although Tehran maintains that its efforts are peaceful.
As of 13 June, there has been a stated ceasefire between Iran and Israel.
“Despite a declared ceasefire and ongoing negotiations towards a permanent solution, Iranian-affiliated actors and hacktivist groups may still conduct malicious cyber activity,” the advisory stated.
It warned that companies within the Defence Industrial Base (DIB), particularly those with ties to Israeli research or defence firms, face a heightened risk.
“Iranian state-sponsored or affiliated threat actors are known to conduct a range of targeted cyber activity to include exploit known vulnerabilities in unpatched or outdated software, compromise internet-connected accounts and devices that use default or weak passwords and work with ransomware affiliates to encrypt, steal, and leak sensitive information.”
The agencies added that they are actively monitoring the situation and are working closely with government, industry, and international partners to identify and share intelligence.
“We strongly urge organisations report suspicious or criminal activity related to potential Iranian cyber activity,” the statement concluded.
