American defense firms that have holdings or relationships with Israeli companies are at an “increased risk” of being targeted by Iran-linked government hackers and other cybercriminals backing Tehran, according to a Monday advisory from four U.S. security agencies.
The readout comes amid a fragile ceasefire deal struck between Iran and Israel, which culminated after President Donald Trump last week ordered massive bombings on key nuclear facilities in Iran.
“Despite a declared ceasefire and ongoing negotiations towards a permanent solution, Iranian-affiliated cyber actors and hacktivist groups may still conduct malicious cyber activity,” says the advisory published by the Cybersecurity and Infrastructure Security Agency, the FBI, the Defense Department’s Cyber Crime Center and the National Security Agency.
The fact sheet suggests that the U.S. government’s cyberintelligence analysts are still seeing possible planning of Iranian cyberattacks.
The notice, marked as government information that can be shared without any restrictions, says Iran-backed hackers launched a global campaign in late 2023 to early 2024 that targeted dozens of U.S. victims in the water and wastewater, energy, food and beverage manufacturing and health sectors.
As part of that campaign, Iran’s Islamic Revolutionary Guard Corps’s Cyber-Electronic Command and the affiliated “Cyber Av3ngers” gang breached U.S. water infrastructure controllers, investigators say.
Hackers have also launched “hack-and-leak” campaigns since that start of the Israel-Hamas war, the agencies say, noting that the moves “combined hacking and theft of data with information operations” like social media threats and harassment that resulted in financial losses and reputational damage for victims. Israeli companies were mostly targeted, but an unnamed U.S. TV streaming service was involved in one instance, the fact sheet says.
Iran’s permanent mission to the United Nations did not immediately respond to a request for comment.
A related advisory was put out last Sunday by the Department of Homeland Security.
During the 2024 election cycle, U.S. agencies concluded that Iran stole sensitive documents from Trump’s presidential campaign and floated them to the media with the hope that they’d be published online.
Iranian spin doctors have been found using artificial intelligence tools to spread disinformation in the U.S. and other nations. An OpenAI blog published last summer disclosed a covert campaign involving fake news websites aimed at influencing American voters, though, according to the company, the effort didn’t get major engagement.
“Iran has several highly-capable teams for offensive cyber operations. U.S.-based organizations should maintain vigilance and accelerate their defensive operational tempos in anticipation of retaliation,” an industry executive with knowledge of Iranian cyber capabilities previously told Nextgov/FCW.
Read the full article here
