The FBI and NSA, along with other U.S. cyber agencies, have issued a serious warning today about possible cyberattacks from hackers linked to Iran.

These attacks could target important U.S. infrastructure like energy, healthcare, water systems, and defense-related companies.

While there’s no sign of an active cyberattack campaign right now, CISA (the Cybersecurity and Infrastructure Security Agency) is urging critical infrastructure organizations to stay alert. This comes as tensions continue to rise in the Middle East, and because Iran-linked hackers have carried out similar attacks in the past.

In a joint report, the agencies said that U.S. defense contractors and research companies with ties to Israel could be at higher risk. Other sectors like energy, water, and healthcare should also prepare for possible threats.

Iranian hackers are known for exploiting weak points in security, such as unpatched software or default passwords, to break into systems. A key example came in November 2023, when hackers tied to Iran’s Islamic Revolutionary Guard Corps (IRGC) broke into a water facility in Pennsylvania by exploiting internet-connected control systems.

These groups often carry out DDoS attacks (which flood and crash websites) or deface websites with political messages. They tend to promote their actions on platforms like X (formerly Twitter) and Telegram, often acting as hacktivists during times of global conflict.

Some of these hackers have also been seen working with ransomware gangs, especially Russian ones like NoEscape, RansomHouse, and ALPHV (also called BlackCat). In many cases, Israeli companies were the main targets — with hackers encrypting files and leaking stolen data. In more extreme attacks, they used data-wiping tools instead of ransomware to completely destroy systems.

How to Stay Protected

To help prevent these attacks, CISA, the FBI, NSA, and DoD recommend organizations follow these key security steps:


  • Keep operational technology (OT) and control systems off the public internet. Limit remote access to them.
  • Change default passwords and use strong, unique ones for all accounts and devices.
  • Turn on multi-factor authentication (MFA) wherever possible.
  • Update software regularly, especially systems that are connected to the internet.
  • Watch for strange activity in your network and servers.
  • Create and test incident response plans to make sure your backups and recovery options are ready if something happens.
