On the night of June 22, 2025, the United States carried out a large-scale attack on three Iranian nuclear sites. Seven B-2 stealth bombers dropped bombs that caused "monumental damage" to infrastructure, according to Washington. Several days after the offensive decreed by Donald Trump, Iran retaliated by attacking a US military base in Qatar. According to the American president, "Iran officially responded to our destruction of its nuclear facilities with a very weak response, which we expected and which we countered very effectively.".
Nevertheless, the consequences of the American assault may not be limited to this. Ali Akbar Velayati, an advisor to Iran's Supreme Leader, said that "America has attacked the heart of the Islamic world and must expect irreparable repercussions, as the Islamic Republic does not tolerate any insult or aggression against it."
The Threat of Iranian Hacktivists
In an advisory published on June 22, 2025, the U.S. Department of Homeland Security indicated that it fears a wave of cyberattacks orchestrated by hacker groups close to Iran. The department expects that pro-Iranian hacktivists will soon carry out "attacks against American networks" as a form of retaliation.
Homeland Security is particularly concerned about "low-level" attacks orchestrated by supporters of the Iranian regime. As the statement points out, "the Iranian government has publicly condemned the direct involvement of the United States in the conflict" with Israel, which could push hacktivists to take action. Washington is likely to fear, for example, DDoS attacks, designed to disrupt a website's servers in order to send a message.
Cybercriminals in the pay of Iran
Furthermore, hackers close to the Iranian government could also target infrastructure. The Department of Homeland Security points out that Iran has a small army of cybercriminals specializing in espionage and data theft.
Among the hackers in Tehran's payroll is Br0k3r, a gang also known as Pioneer Kitten, Fox Kitten, UNC757, Paraiste, RUBIDIUM, and Lemon Sandstorm. Active since 2017, it specializes in espionage operations, especially against Israeli targets. "Hacktivists and actors linked to the Iranian government regularly target poorly secured networks and devices in the United States to conduct disruptive cyberattacks," adds Homeland Security.
In a response to 01net, Google echoed the same sentiment. John Hultquist, lead analyst at the Google Threat Intelligence Group, believes that "given recent events, the risk of disruptive cyberattacks by Iranian actors against American targets is significantly increasing.".
One of the main cyber threats to the United States
A few months ago, the United States had already identified Iran as one of the main cyber threats facing Americans. The Cybersecurity and Infrastructure Security Agency (CISA) has been ordered to focus on threats from Tehran, as well as China. Beijing is the second most likely nation to carry out attacks on U.S. soil, according to the Trump administration.
Nevertheless, it's important not to overestimate Iranian hackers, Google cautions. Indeed, "Iran's track record with cyberattacks is uneven, and these operations are often amplified or distorted in their communication to maximize their psychological reach." In fact, it is "essential not to overestimate their impact, at the risk of inadvertently relaying their propaganda strategy."
Source: DHS
0 Comments