
Iran-Linked Cyber Operations Target U.S. Critical Infrastructure Amid Heightened Tensions


Cyber Threats Escalate: Iran-Affiliated Hackers Target U.S. Critical Infrastructure

Multi-Agency Warning on Industrial Control System Attacks

Multiple U.S. federal agencies—including CISA, the FBI, NSA, Department of Energy, EPA, and U.S. Cyber Command—have jointly issued an advisory regarding cyberattacks targeting Rockwell Automation's industrial control systems. Hackers are exploiting programmable logic controllers (PLCs), specifically the Studio 5000 Logix Designer software, which controls industrial operations.

"These attacks have resulted in operational disruption and financial loss for victims in government services, water and wastewater, and energy sectors."

The agencies recommend taking vulnerable internet-connected controllers offline immediately to mitigate risks. These activities occur against a backdrop of ongoing military hostilities between the U.S., Israel, and Iran.

Recent Cyber Incidents

Stryker Cyberattack

Pro-Iranian, pro-Palestinian hackers operating under the name Handala claimed responsibility for disrupting systems at Stryker, a Michigan-based medical technology company. Stryker confirmed a temporary "global network disruption to our Microsoft environment" without malware or ransomware. Cybersecurity analysts indicate Handala's primary objective appears to be data destruction rather than financial extortion. Palo Alto Networks describes Handala as directly linked to Iran's Ministry of Intelligence and Security.

Los Angeles Metro Hack

The Los Angeles Metro transit system experienced a partial network shutdown due to a cyberattack. While the culprit is officially unclear, a source indicated that Iran-backed hackers are under investigation. The agency emphasized the hack did not impact passenger commute times.

Polish Nuclear Facility

Polish authorities are investigating a recent cyberattack on a nuclear research facility for potential links to Iran, though other groups are also being considered.

Gas Station ATG Breaches

U.S. officials suspect Iranian hackers are behind breaches of automatic tank gauge (ATG) systems at gas stations in multiple states. The hackers exploited ATGs left online without password protection, allowing them to alter display readings but not actual fuel levels. The intrusions raised safety concerns but did not cause physical damage.
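The common thread in the PLC advisory above and the ATG intrusions is industrial equipment reachable directly from the internet. One way a defender can find such exposure before an attacker does is to run perimeter firewall logs through a check for external sources hitting industrial-protocol ports. The following is an added example, not code from the article or from any of the agencies it cites; the log line format, the port-to-protocol table (44818/2222 for EtherNet/IP, 502 for Modbus/TCP, 10001 for ATG consoles) and the set of "internal" address ranges are all assumptions made for the illustration.

```python
"""Flag inbound connections from outside the organization to industrial-
protocol ports, using perimeter firewall logs.

Added illustration for the advisory discussed in the article; not code from
the article or from any agency named in it. The log line format, the
port-to-protocol table and the choice of internal ranges are assumptions.
"""
import ipaddress
from dataclasses import dataclass

# Assumed port table. 44818 and 2222 are the EtherNet/IP ports used by
# Rockwell Logix controllers, 502 is Modbus/TCP and 10001 is the TCP port
# commonly used by automatic tank gauge (ATG) consoles. These are the example
# author's assumptions, not values quoted from the advisory.
ICS_PORTS = {
    44818: "EtherNet/IP explicit messaging (Rockwell Logix)",
    2222: "EtherNet/IP implicit I/O",
    502: "Modbus/TCP",
    10001: "ATG console serial-over-TCP",
}

# Address ranges treated as "inside" the organization (RFC 1918 plus loopback
# and link-local). Anything else is treated as the public internet.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


@dataclass(frozen=True)
class Finding:
    timestamp: str
    src_ip: str
    dst_ip: str
    dst_port: int
    protocol: str
    severity: str  # "exposed" if the firewall allowed it, "probed" if it denied it


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_line(line: str):
    """Parse one log line of the assumed form
    '<timestamp> src=<ip> dst=<ip> dport=<port> action=allow|deny'.
    Returns a dict, or None for lines that do not fit the format."""
    parts = line.split()
    if len(parts) != 5:
        return None
    rec = {"timestamp": parts[0]}
    for field in parts[1:]:
        key, sep, value = field.partition("=")
        if not sep or not value:
            return None
        rec[key] = value
    try:
        ipaddress.ip_address(rec["src"])
        ipaddress.ip_address(rec["dst"])
        rec["dport"] = int(rec["dport"])
    except (KeyError, ValueError):
        return None
    if rec.get("action") not in ("allow", "deny"):
        return None
    return rec


def find_inbound_ics(lines):
    """Return a Finding for every connection from an external address to an
    ICS port, whether or not the firewall let it through."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["dport"] not in ICS_PORTS:
            continue
        if is_internal(rec["src"]):
            continue  # plant-floor traffic from inside is expected here
        severity = "exposed" if rec["action"] == "allow" else "probed"
        findings.append(Finding(rec["timestamp"], rec["src"], rec["dst"],
                                rec["dport"], ICS_PORTS[rec["dport"]], severity))
    return findings


def exposed_hosts(findings):
    """Map each internal host that actually accepted an external ICS
    connection to the sorted list of ports involved."""
    hosts = {}
    for f in findings:
        if f.severity == "exposed":
            hosts.setdefault(f.dst_ip, set()).add(f.dst_port)
    return {host: sorted(ports) for host, ports in hosts.items()}


# Constructed sample log. 203.0.113.0/24 and 198.51.100.0/24 are documentation
# ranges standing in for internet sources; timestamps are invented.
SAMPLE_LOG = [
    "2024-01-01T10:00:01Z src=203.0.113.5 dst=192.168.10.20 dport=44818 action=allow",
    "2024-01-01T10:00:02Z src=192.168.10.7 dst=192.168.10.20 dport=44818 action=allow",
    "2024-01-01T10:00:03Z src=198.51.100.9 dst=192.168.10.31 dport=10001 action=allow",
    "2024-01-01T10:00:04Z src=203.0.113.77 dst=192.168.10.20 dport=502 action=deny",
    "2024-01-01T10:00:05Z src=203.0.113.8 dst=192.168.10.50 dport=443 action=allow",
    "malformed line that the parser must skip",
]

if __name__ == "__main__":
    results = find_inbound_ics(SAMPLE_LOG)
    for f in results:
        print(f"{f.severity.upper():8} {f.timestamp} {f.src_ip} -> "
              f"{f.dst_ip}:{f.dst_port} ({f.protocol})")
    print("hosts accepting external ICS traffic:", exposed_hosts(results))
```

Hosts that show up as "exposed" are the ones the advisory says to take offline or move behind a VPN; "probed" entries show the firewall doing its job but are still worth correlating with the advisory's indicators of compromise, since a denied probe today is a sign the device has already been noticed.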

Iran's Cyber Capabilities and Methods

U.S. intelligence agencies consider Iran's cyber capabilities to be less advanced than those of China or Russia. However, experts report that Iran's cyber operations are accelerating, with increased use of hacktivist personas and potentially AI-driven scaling.

Historically, Iranian-affiliated actors have:

  • Impersonated U.S. activists online to promote protests
  • Established fake news websites and social media accounts to spread information prior to U.S. elections
  • Infiltrated a U.S. presidential campaign's email system and attempted to distribute stolen files
  • Attempted to access the WhatsApp accounts of U.S. presidential candidates

Common attack methods include denial-of-service (DoS) attacks, website defacements, and hack-and-leak operations. Iranian-affiliated hackers often target systems with lower cybersecurity defenses, such as local water plants or healthcare facilities.

Threats to U.S. Technology Companies

Iran's semi-official Tasnim News Agency, associated with the IRGC, published a social media post listing Amazon, Microsoft, Palantir, and Oracle as potential targets, stating these are "Iran's new goals in the region."

The IRGC also issued a separate threat via Telegram naming 18 firms, including Nvidia, Apple, Microsoft, Alphabet, Cisco, Intel, Oracle, Tesla, Boeing, and JPMorgan Chase. The threat advised employees to leave their workplaces.

Iranian drone strikes have reportedly damaged Amazon data centers in the region, including facilities in the UAE and near a Bahraini facility. Amazon Web Services confirmed structural damage, power disruptions, and fire suppression activities. Major U.S. firms, including Amazon, Google, Snap, and Nvidia, have reportedly implemented emergency protocols to protect personnel in the Middle East.

Iranian Proxy Groups and Future Collaborations

Pro-Iranian hacking groups are extending their targeting from the Middle East into the United States. Handala has claimed responsibility for cyberattacks, stating they were in response to alleged U.S. strikes that resulted in the deaths of Iranian schoolchildren. Other groups have reportedly attempted to access cameras in Middle Eastern countries for missile targeting and have targeted regional data centers, industrial facilities in Israel, a school in Saudi Arabia, and an airport in Kuwait.

Analysts are monitoring the possibility of Russia, China, or their allied hacking groups providing cyber assistance to Iran. Evidence suggests pro-Iranian hackers in Russia have increased activity in support of Tehran since the conflict began. The group Z-Pentest has claimed responsibility for disrupting U.S. networks, including closed-circuit video camera systems.

Federal Agency Warnings and Response

The Department of Homeland Security has issued public warnings regarding Iranian cyber threats following activities targeting U.S. water infrastructure and political campaigns. The FBI, CISA, NSA, EPA, DOE, and Cyber Command jointly recommend U.S. organizations review tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) for signs of activity on their networks.

White House Press Secretary Karoline Leavitt stated that President Trump has threatened to target Iran's critical infrastructure, including bridges and power plants, if an agreement regarding the Strait of Hormuz is not reached.

President Trump set a deadline for the Iranian regime to reach a deal with the United States. White House Deputy Press Secretary Anna Kelly stated that Iranian ballistic missile attacks have decreased by 90 percent and drone attacks by 83 percent.

Counterterrorism and Domestic Security Concerns

Federal counterterrorism authorities have issued warnings regarding potential retaliatory strikes by Iran on American soil. Potential methods include sleeper cells, affiliated Iranian groups, lone wolf sympathizers, or targeted cyberattacks.

Sleeper Cell Concerns

Days after the reported killing of Iranian Supreme Leader Ayatollah Ali Khamenei on February 28, cryptic messages were broadcast globally on a new shortwave radio frequency. Federal authorities detected this broadcast, described as "likely of Iranian origin," and alerted local law enforcement, suggesting it could be "an operational trigger" for "sleeper assets" in the U.S. No specific credible threat has been found.

Past Assassination Plots

Iran has reportedly attempted to hire assassins to target U.S. officials. Following a 2020 U.S. airstrike that killed Iranian Gen. Qassem Suleimani, Iran sought to target former Secretary of State Mike Pompeo and former National Security Advisor John Bolton. Shahram Poursafi, a member of the IRGC, was charged by the DOJ with attempting to hire individuals to assassinate Bolton. Asif Raza Merchant was convicted for a murder-for-hire plot targeting former President Trump and others. In November 2024, the DOJ charged Farhad Shakeri, an Afghan national residing in Tehran, in a separate plot to assassinate Trump.

Lone Actor Threats

The Los Angeles Police Department (LAPD) is at a "heightened level of awareness" regarding "lone wolves" who may be inspired by events in the Middle East. Southern California has a population of Iranian descent numbering over 700,000. Recent incidents include two men in New York City who brought homemade bombs to a far-right protest, an individual who rammed his vehicle into a synagogue in Michigan, and a man in Virginia who opened fire in a university classroom.

Border Security

In 2023, two Iranian nationals on a U.S. security watch list were apprehended at the Texas-Mexico border. Customs and Border Protection Commissioner Rodney Scott reported that "thousands of Iranian nationals have been documented entering the United States illegally" between 2022 and 2025.

Critical Infrastructure Ownership and Defense

Private sector companies own approximately 85% of the nation's critical infrastructure, placing a significant burden on them as the primary line of defense.

Executives from major U.S. energy, water, transportation, and communications corporations have increased vigilance against potential attacks. The Edison Electric Institute (EEI) works with the government through the Electricity Subsector Coordinating Council (ESCC) to share intelligence and prepare for incidents. Cybersecurity experts advise organizations to implement strong cyber hygiene practices, including regular system patching, updating security solutions, and managing user accounts.