


Cybersecurity professionals are warning of an increased risk of hacks and digital attacks emanating from Iran that everyone needs to prepare for amid the escalating Israel-Iran war.
Potential U.S. targets include critical infrastructure, American elected officials and media outlets, according to Theresa Payton, former White House chief information officer in President George W. Bush’s administration.
Ms. Payton, CEO at cyber firm Fortalice Solutions, said entities within the energy, finance and transportation sectors need to be especially vigilant.
“Iran might first target energy and finance for maximum disruption — public pain points that cripple daily life,” Ms. Payton told The Washington Times. “Remote access points for maintenance are prime targets, as Iran exploits unpatched systems. With Iran, if they have a successful cyber intrusion, they may want to make a loud, visible blow.”
Ms. Payton said people should be on the lookout for artificial intelligence-enabled phishing campaigns designed to breach sensitive communications and industrial control systems.
The Islamic Republic’s goal is to sow chaos and ramp up geopolitical tension, according to Ms. Payton, who said the private sector should proactively contact the federal government to better defend their networks.
“Businesses must contact FBI InfraGard for tailored threat briefings and deploy zero-trust defenses now,” Ms. Payton said. “Every American should verify suspicious emails and texts to thwart Iran’s digital playbook.”
The State Department is also requesting Americans’ help to disrupt Iranian cyberattackers.
On the eve of Israel’s strikes against Iran last week, the State Department posted a message on X requesting tips and offering a $10 million reward for information that helps hunt down hackers linked to the Iranian regime, including “Mr. Soul.”
“CyberAv3ngers, which is associated with the online persona Mr. Soul, has launched a series of malicious cyber activities against U.S. critical infrastructure on behalf of Iran’s Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC),” the message said. “CyberAv3ngers actors have utilized malware known as IOCONTROL to target ICS/SCADA devices used by critical infrastructure sectors in the United States and worldwide.”
The IOCONTROL malware, aimed at industrial control systems and supervisory control and data acquisition systems, is believed to be part of a campaign against Western internet-of-things and operational technology devices, according to New York-based cybersecurity firm Claroty.
Claroty said in December 2024 that IOCONTROL was a custom-built cyberweapon targeting civilian infrastructure that was generic enough to run on a variety of platforms from different vendors.
The malware was built for Internet-of-Things devices, or hardware that connects to the internet, but it could directly impact operational tech devices such as fuel pumps at gas stations, per Claroty.
The firm said it knew the cyberweapon was involved in the compromise of “Israel-made Orpak Systems and U.S.-made Gasboy fuel management systems in Israel and the United States.”
Since last week’s physical attacks between Israel and Iran, some cyber professionals monitoring digital threats have spotted changes in Iranian-aligned cyberattackers’ behavior.
“Shortly after the news of the military operation became public, we observed an increase in activity by threat actors aligned with Iran on their public and private Telegram channels,” said American cybersecurity firm Radware on its website on June 13.
For example, Radware said last week it observed a cyber actor using the name “#OpIsrael” sharing a message about attacks targeting the Israeli public address system that notifies civilians of potential missile strikes.
Radware observed another hacktivist issuing a warning on Telegram to Jordan and Saudi Arabia saying their infrastructure would face cyberattacks if they helped Israel.
The Telegram chats of activist hackers and others aligned with the regime highlight that the cyber threats spreading from Iran are not limited to custom-built cyberweapons sponsored by the regime.
“Even if it’s not directly the Iran government, it could be Iran sympathizers,” Ms. Payton said regarding Iranian cyber threats. “If Iran escalates cyberattacks, America will likely see it where disruption hits hardest.”
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.