The Department of Homeland Security (DHS) put the nation on alert Sunday to the dangers of cyberattacks and other retaliatory measures that could be launched by Iran following the June 21 bombings of Iranian nuclear facilities by the United States.

“The ongoing Iran conflict is causing a heightened threat environment in the United States,” DHS said in a National Terrorism Advisory Bulletin issued on June 22.

“Low-level cyberattacks against US networks by pro-Iranian hacktivists are likely, and cyber actors affiliated with the Iranian government may conduct attacks against US networks,” DHS said.

Both hacktivists and Iranian government-affiliated actors “routinely target” poorly secured U.S. networks and Internet-connected devices for disruptive cyberattacks, the agency said.

The alert issued on Sunday, DHS said, runs through Sept. 22.

In the same advisory, DHS warned that “Iran also has a long-standing commitment to target US Government officials it views as responsible for the death of an Iranian military commander killed in January 2020.”

“The likelihood of violent extremists in the Homeland independently mobilizing to violence in response to the conflict would likely increase if Iranian leadership issued a religious ruling calling for retaliatory violence against targets in the Homeland,” DHS said.

Separately, former Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly took to social media on Sunday to urge “SHIELDS UP” to U.S. critical infrastructure owners and operators who she said should be “vigilant for malicious cyber activity.”

“While it’s unclear whether its cyber capabilities were at all impacted by recent Israeli strikes, Iran has a track record of retaliatory cyber operations targeting civilian infrastructure, including: water systems; financial institutions; energy pipelines; government networks; and more,” Easterly said.

In particular, she said critical infrastructure operators should be on the lookout for credential theft and phishing campaigns, wipers disguised as ransomware, hacktivist fronts and false-flag ops, and targeting of ICS/OT systems.

“The playbook is known,” Easterly said, adding, “so is the response, and it’s not rocket science.”

Separately, John Hultquist, who is chief analyst at the Google Threat Intelligence Group, said in a social media post on Sunday that it’s important not to “overhype” the threat posed by potential Iran-directed cyberattacks.

“Remember that Iran leverages its cyberattack capability for psychological purposes,” Hultquist said. “There is a real, practical risk to enterprises, but it’s important that we don’t overhype the threat here and give them the win they’re after.”

“I’m most concerned about cyber espionage against our leaders and surveillance aided by compromises in travel, hospitality, telecommunications, and other sectors where data could be used to identify and physically track persons of interest,” he said.

About
John Curran
John Curran is MeriTalk's Managing Editor covering the intersection of government and technology.