Iran-Backed Hackers May Target US Defense Companies Tied to Israel, Agencies Warn

A recent government advisory from four U.S. security agencies has warned that Iranian-affiliated cyber actors and hacktivist groups may still conduct malicious cyber activity despite a declared ceasefire and ongoing negotiations towards a permanent solution with Israel. The warning comes as the world watches the fragile truce between Iran and Israel, which was sparked by President Donald Trump's recent order to bomb key nuclear facilities in Iran.

The advisory, published by the Cybersecurity and Infrastructure Security Agency, the FBI, the Defense Department's Cyber Crime Center, and the National Security Agency, highlights the increased risk of being targeted by Iranian-backed hackers and other cybercriminals backing Tehran. American defense firms with holdings in or relationships with Israeli companies are particularly at risk, according to the agencies.

"Despite a declared ceasefire and ongoing negotiations towards a permanent solution, Iranian-affiliated cyber actors and hacktivist groups may still conduct malicious cyber activity," says the advisory. The fact sheet suggests that the U.S. government's cyberintelligence analysts are still seeing possible planning of Iranian cyberattacks. The notice is marked as government information that can be shared without any restrictions.

The warning comes amid a global campaign by Iran-backed hackers, which began in late 2023 and targeted dozens of U.S. victims in various sectors, including water and wastewater, energy, food and beverage manufacturing, and health. As part of this campaign, the Islamic Revolutionary Guard Corps's Cyber-Electronic Command and the affiliated "Cyber Av3ngers" gang breached U.S. water infrastructure controllers, investigators say.

Additionally, hackers have launched "hack-and-leak" campaigns since the start of the Israel-Hamas war, combining hacking with theft of data and information operations like social media threats and harassment that resulted in financial losses and reputational damage for victims. While Israeli companies were mostly targeted, an unnamed U.S. TV streaming service was involved in one instance, according to the fact sheet.

Iran's permanent mission to the United Nations did not immediately respond to a request for comment on the advisory. However, a related advisory was put out last Sunday by the Department of Homeland Security, warning about the ongoing threat from Iranian cyber actors.

The warning comes as Iran has been accused of using artificial intelligence tools to spread disinformation in the U.S. and other nations. An OpenAI blog published last summer disclosed a covert campaign involving fake news websites aimed at influencing American voters. While the effort didn't gain much traction, it highlights the Iranian government's increasing capabilities in cyber warfare.

"Iran has several highly-capable teams for offensive cyber operations," said an industry executive with knowledge of Iranian cyber capabilities. "U.S.-based organizations should maintain vigilance and accelerate their defensive operational tempos in anticipation of retaliation." With the fragile truce between Iran and Israel holding, the U.S. government must remain vigilant against the ongoing threat from Iranian-backed hackers.