Iranian Hackers Ramp Up Cyberattacks on US and Israel After Recent Strikes

Iran-linked hacking groups have increased their cyber activity after recent missile strikes by the US and Israel. They are running digital scans, spying operations, and distributed denial-of-service (DDoS) attacks across the Middle East.

Researchers say most confirmed activity so far has targeted Israel and Persian Gulf countries, but they warn that US organizations should also prepare for possible attacks.

Iran Probing Mobile Apps and APIs Before Attacks

According to mobile app security firm Approov, Iranian hackers started running more advanced probing attacks in early February. They focused on APIs and mobile apps used for government communications in the region.

This activity appears to have stopped on February 27. Experts think this pause may be linked to an internet blackout inside Iran at the start of the conflict.

JP Castellanos, threat intelligence director at Binary Defense, said Iranian groups seemed to be placing malware on systems before open military action began. This is a common tactic: attackers quietly pre-position tools so they can launch more disruptive attacks later.

Iran Hackers Launch DDoS, Ransomware, and Disinformation Campaigns

Researchers at Check Point saw intrusions linked to a group called Cotton Sandstorm (also known as Haywire Kitten). The group is believed to be connected to Iran’s Islamic Revolutionary Guard Corps (IRGC).

They have reportedly used an information-stealing tool called WezRat in spearphishing emails that pretend to be urgent software updates. In some cases, these campaigns were followed by ransomware attacks against Israeli targets.

Analysts also noticed that older online personas have reappeared, claiming they hacked industrial control systems in Israel, Jordan, Turkey, Poland, and Gulf states. Experts say many of these public claims are likely exaggerated or part of wider disinformation efforts.

“Iran has historically mixed real intrusions with inflated or fabricated claims to amplify psychological impact,” one analyst said.

US Organizations Could Be the Next Target

So far, there are no publicly confirmed attacks on US organizations during this latest wave of activity. Still, researchers believe such attacks are likely.

Sectors at highest risk include:

  • Defense contractors and government suppliers
  • Organizations that work with or share infrastructure with Israel
  • Critical infrastructure providers, such as energy or water utilities
  • Companies that use Israeli-made industrial technology

In the past, Iranian hackers have targeted water systems and other operational technology (OT) in the US. They often used default passwords and custom malware. While these earlier attacks caused limited physical damage, they showed that attackers could reach sensitive systems.

A Long-Running Iranian Cyber Campaign

Experts say the current situation looks like a long-term cyber campaign that mixes spying, disruption, ransomware-style attacks, and information warfare.

They expect disinformation to grow, especially through bots on social media. People should expect to see more dramatic claims about sabotage and damage to infrastructure, many of which may not be true.

Security firms recommend that organizations:

  • Quickly patch critical systems
  • Review user access and remove unused or default accounts
  • Closely monitor third-party and supply-chain risks
  • Strengthen phishing awareness training for employees

Researchers generally agree that cyber operations will continue alongside the physical conflict. They warn that organizations in the US, Israel, and Gulf states should treat the risk as immediate, not theoretical.

The post Iranian Hackers Ramp Up Cyberattacks on US and Israel After Recent Strikes appeared first on gHacks.
