The U.S. government warned in late June 2025 that Iranian-linked hackers may target U.S. defense companies and critical infrastructure.
Iranian-affiliated hackers may target United States companies and critical infrastructure operators, particularly defense organizations with holdings or relationships with Israeli research and defense firms, according to an advisory from U.S. government officials in late June 2025. The FBI, National Security Agency, the Department of Defense Cyber Crime Center and the Department of Homeland Security’s civilian cybersecurity defense wing said in a statement issued alongside the advisory that while there are no indications of a coordinated Iranian-linked malicious cyber campaign, organizations should ensure their defenses are up to date.
“Despite a declared ceasefire and ongoing negotiations towards a permanent solution, Iranian-affiliated cyber actors and hacktivist groups may still conduct malicious cyber activity,” the agencies said in the advisory.
Cybersecurity researchers and defenders in Israel and the U.S. have so far seen little Iranian-linked cyber activity of consequence in the wake of the war launched by Israel June 13, followed by U.S. strikes on Iranian nuclear facilities June 22. Iranian state-sponsored hackers are known to exploit existing vulnerabilities in unpatched or outdated software and compromise internet-connected accounts and devices that use default or weak passwords, as well as work with ransomware operators to encrypt, steal and leak sensitive information, the agencies said.
In November 2023, hackers affiliated with the Iranian Revolutionary Guards hacked equipment in water and wastewater treatment systems in multiple states. The attacks targeted an Israeli-made device and came shortly after the October 2023 Hamas attacks on Israel.