Iranian Hackers Intensify Cyberattacks on US and Israel Amid Regional Tensions

In recent weeks, Iran-linked hacking groups have significantly ramped up their cyber activity following a series of missile strikes by the US and Israel in the region. These Iranian hackers are now conducting digital scans, espionage operations, and distributed denial-of-service (DDoS) attacks across the Middle East, with most confirmed targets being Israel and Persian Gulf countries.

Researchers warn that US organizations should also prepare for possible attacks, as they have a history of being targeted by Iranian hackers. The recent surge in cyber activity is attributed to Iranian groups probing mobile apps and APIs before launching their attacks. According to mobile app security firm Approov, these probing operations started in early February, focusing on government communications in the region.

Experts believe that a pause in this activity may be linked to an internet blackout inside Iran at the start of the conflict. JP Castellanos, threat intelligence director at Binary Defense, noted that Iranian groups had been placing malware on systems before open military action began, a common tactic attackers use to pre-position tools for more disruptive attacks later.

Recently, researchers at Check Point detected intrusions linked to a group called Cotton Sandstorm (also known as Haywire Kitten), believed to be connected to Iran's Islamic Revolutionary Guard Corps (IRGC). They have reportedly used an information-stealing tool called WezRat in spearphishing emails that pretend to be urgent software updates. In some cases, these campaigns were followed by ransomware attacks against Israeli targets.

Analysts also noticed that older online personas have reappeared, claiming they hacked industrial control systems in Israel, Jordan, Turkey, Poland, and Gulf states. However, experts say many of these public claims are likely exaggerated or part of wider disinformation efforts. "Iran has historically mixed real intrusions with inflated or fabricated claims to amplify psychological impact," one analyst said.

While there have been no publicly confirmed attacks on US organizations during this latest wave of activity, researchers believe that such attacks are likely. In the past, Iranian hackers have targeted water systems and other operational technology (OT) in the US, often using default passwords and custom malware. Although these earlier attacks caused limited physical damage, they demonstrated that attackers could reach sensitive systems.

Experts say the current situation resembles a long-term cyber campaign that mixes spying, disruption, ransomware-style attacks, and information warfare. They expect disinformation to grow, especially on social media, where bot networks amplify it. People can expect to see more dramatic claims about sabotage and damage to infrastructure, many of which may not be true.

Researchers generally agree that cyber operations will continue alongside the physical conflict. As a result, organizations in the US, Israel, and Gulf states should treat the risk as immediate, not theoretical. By staying vigilant and proactive, they can minimize their exposure to potential attacks and ensure business continuity during these uncertain times.

In conclusion, the recent surge in cyber activity by Iranian hackers is a concerning development that highlights the evolving nature of modern warfare. As the situation continues to unfold, it is essential for organizations and individuals to remain informed and prepared for the potential threats posed by state-sponsored actors.