Just hours after the US President announced airstrikes on three key Iranian nuclear sites, a wave of cyberattacks linked to pro-Iranian groups began to surface. Iranian hackers are reported to have hit US banks, defense contractors, and oil industry companies after the US attacks on Iranian nuclear facilities. To date, they have not caused serious problems to critical infrastructure or the US economy. However, some analysts think that the US strikes could even prompt Iran, Russia, China, and North Korea to increase their cyber warfare activities.[1]
The US may be militarily dominant, but its reliance on digital technology poses a vulnerability. Two pro-Palestinian hacking groups claimed they targeted more than a dozen aviation firms, banks, and oil companies following the US airborne strikes. The hackers have detailed their work in a post on the Telegram messaging service and urged other hackers to follow their lead, according to researchers at the SITE Intelligence Group, which tracks the groups' activity.
See: https://redskyalliance.org/xindustry/the-iranian-cyber-evolution-rats-backdoors-and-droppers
The attacks were denial-of-service attacks, in which a hacker tries to disrupt a website or online network. “We increase attacks from today,” one of the hacker groups, known as Mysterious Team, posted recently.
- U.S. federal authorities say they are on guard for additional attempts by hackers to penetrate US networks, and the Department of Homeland Security (DHS) has recently published a public statement warning of increased Iranian cyber threats.
- The Cybersecurity and Infrastructure Security Agency (CISA) has issued a statement urging organizations that operate critical infrastructure like water systems, pipelines, or power plants to stay vigilant. “The ongoing Iran conflict is causing a heightened threat environment in the United States. Low-level cyber-attacks against US networks by pro-Iranian hacktivists are likely, and cyber actors affiliated with the Iranian government may conduct attacks against US networks.”
Iran also has a long-standing commitment to target those US Government officials whom it views as responsible for the death of an Iranian military commander killed in January 2020. “The likelihood of violent extremists in the Homeland independently mobilizing to violence in response to the conflict would likely increase if Iranian leadership issued a religious ruling calling for retaliatory violence against targets in the Homeland. Multiple recent Homeland terrorist attacks have been motivated by anti-Semitic or anti-Israel sentiment, and the ongoing Israel-Iran conflict could contribute to US-based individuals plotting additional attacks”, says the DHS statement.
While Iran is thought to lack the ultimate technical abilities of China or Russia, Iran has long been effective when it comes to using cyberattacks to steal secrets, score political points, or frighten opponents. Cyber-attacks mounted by Iran's government may end if a ceasefire holds as Iran looks to avoid another confrontation with the US; however, hacker groups could still retaliate on Iran's behalf. In some cases, these groups have ties to military or intelligence agencies. In other cases, they act entirely independently.
Iran is almost certain to try to use hacking to predict President Donald Trump’s next moves. In 2024, federal authorities charged three Iranian operatives with trying to hack Trump’s presidential campaign, and it would be wrong to assume Iran has given up on these kinds of cyberattacks. Ironically, the need to strengthen America's digital defenses comes at a time when the Trump administration has moved to cut some cybersecurity programs as part of its effort to shrink the size of government.
It appears that the cyber conflict will continue long after military action has ceased. While the ceasefire between Iran and Israel appears to be holding, cybersecurity analysts warn that the cyberwar will likely persist and possibly intensify. Experts stress the need for robust investments in cybersecurity, not just at the federal level but across private industries and critical infrastructure, as the digital battlefield becomes increasingly persistent.
This article is shared with permission at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com
[1] https://www.cybersecurityintelligence.com/blog/iranian-hackers-attack-after-us-air-strikes-8508.html