Security researchers are warning that the outbreak of direct hostilities between Israel and Iran may soon lead to malicious cyberattacks against critical infrastructure sites in the U.S. from state-linked actors, hacktivist groups and cyber criminals.
State-backed and hacktivist cyber threats against Israel and the U.S.’s Middle Eastern allies are escalating, according to researchers at Radware. Experts have seen a spike in pro-Iran threat activity on Telegram and other public channels.
Threat actors have warned Saudi Arabia and Jordan to expect attacks on their critical infrastructure if they help Israel in its conflict with Iran, and activist groups have claimed to have disrupted Israeli radio stations.
While cyberattacks have thus far mainly targeted entities in the Middle East, researchers say U.S. infrastructure providers should harden their defenses against both direct intrusions and supply chain attacks targeting their third-party vendors.
“Iranian cyber activity has not been as extensive outside of the Middle East but could shift in light of the military actions,” John Hultquist, chief analyst at Google Threat Intelligence Group, said Friday.
“Targets in the United States could be reprioritized for action by Iran’s cyber threat capability,” Hultquist said. “Iranian cyber espionage activity already targets the U.S. government, military, and political set, but new activity may threaten privately owned critical infrastructure, or even private individuals.”
Security leaders in multiple sectors are raising concerns about a spike in Iran-linked threat activity, citing previous hacks that followed Hamas’s Oct. 7, 2023, attacks on Israel and Israel’s subsequent invasion of Gaza.
Google previously issued guidance on how Iran-aligned groups were targeting entities in both Israel and the U.S. in connection with the Gaza conflict.
One of the most serious attacks, conducted by a collection of Iranian hacktivists and operatives working for Tehran, targeted the U.S. water sector by exploiting flaws in Israeli-made industrial equipment.
“These actors are increasingly sophisticated and often overlap strategically with the goals of state-sponsored objectives,” said Scott Algeier, executive director of the Information Technology Information Sharing and Analysis Center and the Food and Agriculture Information Sharing and Analysis Center. “These hacktivist groups will leverage a variety of tactics, including the exploitation of vulnerable systems, targeted spear-phishing, and data collection, and are known to carry out both disruptive and destructive attacks.”
Critical infrastructure organizations need to harden their networks, educate themselves about Iran-affiliated threat groups and begin heightened monitoring for suspicious activity, according to a joint statement from the Food and Ag-ISAC and IT-ISAC.
