Iran-backed hackers go to work after US strikes

Hackers backing Tehran have targeted US banks, defence contractors and oil industry companies following American strikes on Iranian nuclear facilities — but so far have not caused widespread disruptions to critical infrastructure or the economy.

But that could change if the ceasefire between Iran and Israel collapses or if independent hacking groups supporting Iran make good on promises to wage their own digital conflict against the US, analysts and cyber experts say.

The US strikes could even prompt Iran, Russia, China and North Korea to double down on investments in cyberwarfare, according to Arnie Bellini, a tech entrepreneur and investor.

Bellini noted that hacking operations are much cheaper than bullets, planes or nuclear arms — what defence analysts call kinetic warfare. America may be militarily dominant, he said, but its reliance on digital technology poses a vulnerability.

“We just showed the world: You don't want to mess with us kinetically,” said Bellini, CEO of Bellini Capital. “But we are wide open digitally. We are like Swiss cheese."

Hackers have hit banks and defence contractors

Two pro-Palestinian hacking groups claimed they targeted more than a dozen aviation firms, banks and oil companies following the US strikes over the weekend.

The hackers detailed their work in a post on the Telegram messaging service and urged other hackers to follow their lead, according to researchers at the SITE Intelligence Group, which tracks the groups' activity.

The attacks were denial-of-service attacks, in which a hacker tries to disrupt a website or online network.

“We increase attacks from today,” one of the hacker groups, known as Mysterious Team, posted on Monday, 23 June.

Federal authorities say they are on guard for additional attempts by hackers to penetrate US networks.

Trump administration postpones crucial classified briefings for US lawmakers on Iran

The Department of Homeland Security issued a public bulletin Sunday warning of increased Iranian cyber threats. The Cybersecurity and Infrastructure Security Agency issued a statement on Tuesday, 24 June, urging organisations that operate critical infrastructure like water systems, pipelines or power plants to stay vigilant.

The DHS issued an NTAS bulletin warning of increased cyber and terror threats to U.S. critical infrastructure from Iran-linked hackers, highlighting the potential for low-level cyberattacks and targeted intrusions amid rising tensions. #CyberSecurity #Iran https://t.co/TuiXXL1J3J

— Cyber_OSINT (@Cyber_O51NT) June 23, 2025

While it lacks the technical abilities of China or Russia, Iran has long been known as a “chaos agent” when it comes to using cyberattacks to steal secrets, score political points or frighten opponents.

Cyberattacks mounted by Iran's government may end if the ceasefire holds and Tehran looks to avoid another confrontation with the US. But hacker groups could still retaliate on Iran's behalf.

In some cases, these groups have ties to military or intelligence agencies. In other cases, they act entirely independently. More than 60 such groups have been identified by researchers at the security firm Trustwave.

These hackers can inflict significant economic and psychological blows. Following Hamas' 7 October 2023, attack on Israel, for instance, hackers penetrated an emergency alert app used by some Israelis and directed it to inform users that a nuclear missile was incoming.

“It causes an immediate psychological impact," said Ziv Mador, vice president of security research at Trustwave's SpiderLabs, which tracks cyberthreats.

Economic disruption, confusion and fear are all the goals of such operations, said Mador, who is based in Israel. “We saw the same thing in Russia-Ukraine.”

Collecting intelligence is another aim for hackers

While Iran lacks the cyber warfare capabilities of China or Russia, it has repeatedly tried to use its more modest operations to try to spy on foreign leaders — something national security experts predict Tehran is almost certain to try again as it seeks to suss out President Donald Trump's next moves.

Last year, federal authorities charged three Iranian operatives with trying to hack Trump's presidential campaign. It would be wrong to assume Iran has given up those efforts, according to Jake Williams, a former National Security Agency cybersecurity expert who is now vice president of research and development at Hunter Strategy, a Washington-based cybersecurity firm.

Iran hacked Trump's campaign information, tried to send to Democrats: US intelligence

“It's fairly certain that these limited resources are being used for intelligence collection to understand what Israel or the US might be planning next, rather than performing destructive attacks against US commercial organisations,” Williams said.

The Trump administration has cut cyber security programmes and staff

Calls to bolster America's digital defence come as the Trump administration has moved to slash some cybersecurity programmes as part of its effort to shrink the size of government.

CISA has placed staffers who worked on election security on leave and cut millions of dollars in funding for cyber security programs for local and state elections.

The CIA, NSA and other intelligence agencies also have seen reductions in staffing. Trump abruptly fired Gen. Timothy Haugh, who oversaw the NSA and the Pentagon's Cyber Command.

The Israel-Iran conflict shows the value of investments in cybersecurity and cyber offence, Mador said. He said Israel's strikes on Iran, which included attacks on nuclear scientists, required sophisticated cyber espionage that allowed Israel to track its targets.

Expanding America's cyber defences will require investments in education as well as technical fixes to ensure connected devices or networks aren't vulnerable, said Bellini, who recently contributed $40 million toward a new cybersecurity centre at the University of South Florida.

There is a new arms race when it comes to cyberwar, Bellini said, and it's a contest America can't afford to lose.

“It's Wile E. Coyote vs. the Road Runner,” Bellini said. "It will go back and forth, and it will never end.”

LIVE West Asia crisis: Iran thanks India, the world for ‘victory’ against Zionist regime and US