Several U.S. agencies warned Monday that hackers affiliated with Iran may still target U.S. entities and networks despite the current ceasefire between Israel and Iran.
Defense companies tied to Israeli research and defense firms face an “increased risk,” the Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, Department of Defense Cyber Crime Center and National Security Agency noted.
“Despite a declared ceasefire and ongoing negotiations towards a permanent solution, Iranian-affiliated cyber actors and hacktivist groups may still conduct malicious cyber activity,” they wrote in a joint bulletin.
The agencies underscored that Iranian hackers often exploit “targets of opportunity,” including the use of unpatched or outdated software and default or common passwords on devices connected to the internet.
They urged operators and owners of critical infrastructure, as well as other U.S. entities, to take steps to strengthen their cybersecurity, such as disconnecting certain systems from the public internet, updating passwords, adding multifactor authentication and applying software patches.
The Department of Homeland Security previously warned about the potential for “low-level” cyberattacks against U.S. networks after President Trump ordered strikes on three Iranian nuclear sites earlier this month.
Iranian-aligned hackers claimed responsibility for a cyberattack on Trump’s Truth Social platform, which saw a surge in reports of problems shortly after the U.S. strikes on Fordow, Natanz and Esfahan.
