<p>Iran-linked hackers and other groups affiliated with Tehran will likely launch cyberattacks against U.S. targets in response to President Donald Trump’s order to strike three of Iran’s nuclear sites, according to a Department of Homeland Security bulletin issued Sunday.</p>
Introduction to Malware Binary Triage (IMBT) Course
Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 for any flavor.
Enroll Now and Save 10%: Coupon Code MWNEWS10
Note: Affiliate link – your enrollment helps support this platform at no extra cost to you.
<p>“Low-level cyber attacks against U.S. networks by pro-Iranian hacktivists are likely, and cyber actors affiliated with the Iranian government may conduct attacks against U.S. networks,” said <a href=“National Terrorism Advisory System Bulletin - June 22, 2025 | Homeland Security”>the alert</a> from the National Terrorism Advisory System.</p>
<p>The notice, scheduled to expire Sept. 22, adds that “hacktivists and Iranian government-affiliated actors routinely target poorly secured U.S. networks and internet-connected devices for disruptive cyber attacks.”</p>
<p>Under orders from Trump, U.S. bombers struck the Fordow, Natanz and Isfahan nuclear facilities in Iran on Saturday night, escalating a yearslong tension between the two nations that occurred amid back and forth talks seeking to deter Tehran from acquiring a nuclear weapon. Just over a week ago, Israel launched its <a href=“Mossad agents sabotaged Iranian defenses as airstrikes began, Israeli official says - Defense One”>own incursion</a> against Iranian military officials and scientists, on grounds that Iran was closer than ever before to having nuclear weapon capabilities.</p>
<p>The aim of the strikes was to destroy “Iran’s nuclear enrichment capacity” and eliminate “the nuclear threat posed by the world’s No. 1 state sponsor of terror,” Trump said Saturday night. “The strikes were a spectacular military success.”</p>
<p>The NTAS bulletin reflects <a href=“Iran-Linked Hackers Conducting Operations Against Government Networks, Intel Agencies Warn - Nextgov/FCW”>years of observed Iranian cyberattacks</a> targeting U.S. systems. Iran’s Islamic Revolutionary Guard Corps’s Cyber-Electronic Command and the affiliated “Cyber Av3ngers” gang were found to have <a href=“Treasury sanctions Iranian cyber officials tied to 2023 water system hacks - Nextgov/FCW”>breached U.S. water infrastructure</a> in late 2023 in response to Israel’s war against Hamas.</p>
<p>During the 2024 election cycle, the FBI, the Office of the Director of National Intelligence and the Cybersecurity and Infrastructure Security Agency concluded that Iran <a href=“US agencies conclude Iran was behind hack targeting Trump campaign - Nextgov/FCW”>stole sensitive documents</a> from the Trump campaign and floated them to the media with the hope that they’d be published online.</p>
<p>Iranian hackers tend to launch distributed denial of service attacks — designed to overwhelm a webpage with bot traffic until the page crashes — against aerospace, oil, gas and telecommunications entities, Brian Harrell, a former DHS assistant secretary who served in Trump’s first term, said in a statement to <em>Nextgov/FCW</em>.</p>
<p>“Iran’s cyber strategy is likely [in] cooperation with Russia, which given current tensions, could be a real possibility. Iranian capabilities have certainly increased since the ‘Shamoon’ attacks used against oil companies back in the day,” added Harrell, referring to the 2012 virus that <a href=“https://www.timesofisrael.com/iran-denies-role-in-gulf-cyberattacks/”>crippled some 30,000 computers</a> at major energy providers.</p>
<p>Iranian spin doctors have been found using artificial intelligence tools to spread disinformation in the U.S. and other nations. An OpenAI blog published last summer disclosed a covert campaign involving <a href=“https://openai.com/index/disrupting-a-covert-iranian-influence-operation/”>fake news websites</a> aimed at influencing American voters, though, according to the company, the effort failed to gain significant engagement.</p>
<p>On Friday, the Foundation for Defense of Democracies, a D.C.-based national security think tank, <a href=“https://www.fdd.org/analysis/2025/06/20/fdd-uncovers-large-iranian-network-impersonating-israelis-on-social-media/”>uncovered an Iranian network</a> built to help scammers impersonate Israelis on social media and post demoralizing messages in Hebrew.</p>
<p>“Iran has several highly-capable teams for offensive cyber operations. U.S.-based organizations should maintain vigilance and accelerate their defensive operational tempos in anticipation of retaliation,” said an industry executive with knowledge of Iranian cyber capabilities, who was granted anonymity because they were not authorized to speak publicly.</p>
<p>The Sunday bulletin also warned of potential physical threats inside the U.S. originating from foreign terrorist organizations or extremist groups, including calls for retaliatory violence and the targeting of people critical of Iran’s central government. </p>
<p>“The conflict could also motivate violent extremists and hate crime perpetrators seeking to attack targets perceived to be Jewish, pro-Israel or linked to the US government or military in the homeland,” it adds.</p>
<p>A pro-Israel hacking group said Wednesday it <a href=“Iran’s financial sector takes another hit as largest crypto exchange is targeted | CyberScoop”>drained over $90 million</a> from Iran’s largest crypto exchange, Nobitex, in the latest breach of the country’s financial networks. The group, known as Predatory Sparrow, also claimed responsibility for an earlier attack on Bank Sepah.</p>
Article Link: DHS expects Iran’s cyber forces will target US networks after strikes on nuclear sites - Nextgov/FCW