Introduction
Iran-linked hacking groups have intensified their cyber operations following recent missile strikes by the US and Israel. These attacks include digital scans, espionage, and distributed denial-of-service (DDoS) campaigns, primarily targeting Israel and Gulf states. However, experts warn that US organizations remain at risk and should prepare for potential breaches.
Iranian Hackers Probing Mobile Apps and APIs
According to mobile app security firm Approov, Iranian hackers launched advanced probing attacks in early February, focusing on APIs and mobile apps used for government communications. This activity paused on February 27, possibly due to an internet blackout in Iran. Threat intelligence director JP Castellanos noted that Iranian groups often pre-position malware before open military action, enabling faster, more disruptive attacks later.
DDoS, Ransomware, and Disinformation Campaigns
Check Point researchers linked intrusions to Cotton Sandstorm (Haywire Kitten), an Iran-backed group tied to the Islamic Revolutionary Guard Corps (IRGC). The group used WezRat malware in spearphishing emails disguised as software updates. Some campaigns escalated to ransomware attacks on Israeli targets. Analysts also observed resurfaced online personas claiming to hack industrial systems in Israel, Jordan, and Gulf states, though many claims are likely exaggerated.
Why US Organizations Should Stay Alert
While no confirmed US attacks have occurred yet, experts predict imminent threats. High-risk sectors include:
- Defense contractors and government suppliers
- Organizations with ties to Israel
- Critical infrastructure providers (energy, water utilities)
- Companies using Israeli-made industrial technology
Past Iranian attacks on US water systems used default passwords and custom malware, demonstrating access to sensitive systems without causing major physical damage.
Long-Term Cyber Campaign and Mitigation Strategies
Experts view this as a sustained campaign blending espionage, disruption, and disinformation. Social media bots are expected to amplify false claims about infrastructure sabotage. Security firms recommend:
- Patching critical systems
- Reviewing user access and removing default accounts
- Monitoring third-party risks
- Enhancing phishing awareness training
Cyber operations will likely continue alongside physical conflicts. Organizations in the US, Israel, and Gulf states must treat this threat as immediate.
Conclusion
The surge in Iranian cyberattacks underscores the need for proactive cybersecurity measures. By addressing vulnerabilities and staying informed, organizations can mitigate risks in this evolving landscape. Stay vigilant and prioritize system security to protect against emerging threats.
FAQs
1. Are Iranian hackers targeting the US?
Yes, experts warn US organizations are at risk due to their ties to Israel and critical infrastructure roles.
2. What tactics do Iranian hackers use?
They employ DDoS attacks, ransomware, phishing, and disinformation campaigns to disrupt systems and spread fear.
3. How can organizations defend against these attacks?
Focus on patching systems, removing default accounts, and training employees to recognize phishing attempts.
4. Are Iranian cyberattacks a new phenomenon?
No, Iran has a history of targeting US water systems and industrial technology with custom malware.
5. Why do Iranian hackers exaggerate their claims?
Exaggerated claims amplify psychological impact and create uncertainty, a tactic Iran has used historically.








