The US government has warned of a heightened risk of cyber-attacks by Iran state-sponsored threat actors and hacktivist groups following American military strikes against Iranian targets over the weekend.

The warning was part of a National Terrorism Advisory System Bulletin issued by the US Department of Homeland Security (DHS) on June 22.

“The ongoing Iran conflict is causing a heightened threat environment in the US. Low-level cyber-attacks against US networks by pro-Iranian hacktivists are likely, and cyber actors affiliated with the Iranian government may conduct attacks against US networks,” the advisory read.

On June 21, US President Donald Trump announced to the nation that the US military had conducted air strikes on Iranian nuclear facilities, which he described as a “spectacular military success,” resulting in enrichment facilities being “completely and totally obliterated.”

The strikes came amid an ongoing conflict between Israel and Iran over the Tehran regime’s alleged nuclear ambitions.

The DHS believes that US citizens and entities are now at heightened risk of physical and cyber revenge attacks after the direct US military engagement in the conflict.

“The likelihood of violent extremists in the Homeland independently mobilizing to violence in response to the conflict would likely increase if Iranian leadership issued a religious ruling calling for retaliatory violence against targets in the Homeland,” the advisory added.

Iran’s Targeting of US Infrastructure and Politicians

The DHS advisory noted that both hacktivist and Iranian government-affiliated actors routinely target poorly secured US networks and Internet-connected devices for disruptive cyber-attacks.

Western officials have consistently warned about the threat from Iranian cyber actors to critical infrastructure in the past year.

In February 2025, the US government slammed Iran for “destabilizing and potentially escalatory” cyber-attacks on critical infrastructure, and issued sanctions against six senior officials of the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC) it believes were behind cyber-attacks on an Israeli manufacturer of programmable logic controllers (PLCs) used in the water sector and other critical infrastructure organizations.

In October 2024, intelligence and law enforcement agencies in Australia, Canada and the US warned about an Iran-backed year-long campaign during which hackers used brute force and other techniques to compromise organizations across multiple critical infrastructure sectors.

In the run up to the US Presidential election in November 2024, it was revealed that Iranian state-backed threat actors had targeted candidates to try and sow discord and access sensitive data.

This included the hack of one of Trump’s campaign websites.

How US Organizations Can Prepare for Iranian Cyber-Attacks

John Hultquist, chief analyst, Google Threat Intelligence Group, explained that since the October 7 terror attacks on Israel by Hamas, Iran has primarily focused its disruptive cyber-attack efforts on Israel.

With the latest US intervention increasing the likelihood of such attacks on US targets, he said it is important for individual organizations to be extra vigilant by following best practice advice.

“Iran has had mixed results with disruptive cyber-attacks and they frequently fabricate and exaggerate their effects in an effort to boost their psychological impact. We should be careful not to overestimate these incidents and inadvertently assist the actors. The impacts may still be very serious for individual enterprises, which can prepare by taking many of the same steps they would to prevent ransomware,” Hultquist noted.

He added: “Iran already targets the US with cyberespionage which they use to directly and indirectly gather geopolitical insight and surveil persons of interest. Persons and individuals associated with Iran policy are frequently targeted through organizational and personal accounts and should be on the lookout for social engineering schemes.

“Individuals are also targeted indirectly by Iranian cyberespionage against telecoms, airlines, hospitality, and other organizations who have data that can be used to identify and track persons of interest."