US defense companies doing business in Israel are at increased risk of cyberattacks from Iran despite anIsrael-Iran ceasefire, American cybersecurity and defense agencies warned Monday.
“Based on the current geopolitical environment, Iranian-affiliated cyber actors may target U.S. devices and networks for near-term cyber operations,” said theadvisoryfrom the Cybersecurity and Infrastructure Security Agency, FBI, National Security Agency and the Department of Defense Cyber Crime Center.
US defense contractors, “particularly those possessing holdings or relationships with Israeli research and defense firms, are at increased risk,” the agencies said.
Iran and Israel have for years conducted intense cyber operations against each other. US officials are increasingly concerned that US organizations with ties to Israel could be caught in the crosshairs.
Iran wasallegedly behinddestructive cyberattacks in 2023 against organizations in the Israeli education and technology sectors. Earlier this month, a pro-Israel hacking groupstole$90 million from Iran’s largest cryptocurrency exchange, claiming it was revenge against the IRGC.
After the US military dropped massive bombs on Iranian nuclear sites over a week ago, US critical infrastructure such as hospitals and water plants have been onhigh alertfor any Iranian retaliation in cyberspace. There haven’t been any high-impact Iranian hacks of US organizations reported yet, but Iran’s history of aggressive and unpredictable cyber operations has senior US officials paying close attention.
CNN has requested comment on the new US advisory from Iran’s permanent mission to the United Nations.
After the Hamas terrorist attack on Israel in October 2023, hackers linked with Iran’s Islamic Revolutionary Guard Corps scanned the internet for Israeli-made industrial software installed at water plants and other facilities across the US, according to US officials. The global hacking campaign included dozens of US victims in the water, energy, food and beverage and health sectors, the new advisory says.
That alleged pro-Iranian hacking spree, which did not take advanced skill and exploited weak US defenses, affected people who never expected to be the target of someone allegedly sitting in Tehran. In one case, the hackers forced a water utility in a small town outside of Pittsburgh to operate pump stations manually.
“That was maybe the furthest thing from my mind,” Robert J. Bible, the general manager of the Municipal Water Authority of Aliquippa,told CNNin November 2023, referring to being caught up in cyberattacks related to the Israel-Gaza war. “Especially for a community. We only serve 15,000 people. You wouldn’t put two and two together.”
An overriding goal of Iranian hacking operations is psychological, according to experts. The hackers use online personas to exaggerate their exploits, and they have aggressively tried to get journalists to write about their activity. Those personas have been active online in recent days, claiming successful cyberattacks on a variety of targets after Israel attacked Iran more than two weeks ago.
“If it’s there, and vulnerable, they have a higher likelihood of targeting it,” one US official, who was monitoring potential Iranian hacking threats to critical infrastructure, previously told CNN