First cyberattacks of war hint at Iran's playbook against U.S.

Illustration: Sarah Grillo/Axios
Cyber activity tied to the escalating war between the U.S., Israel and Iran is already underway, and American companies are starting to feel the effects.
Why it matters: Iran is a formidable, often difficult-to-predict cyber adversary that likely won't be afraid to go after U.S. utilities and government agency systems as the war escalates, experts warn.
Driving the news: Iranian state-linked media last week published a list of major U.S. technology companies that could be targets in the war.
- A pro-Iranian hacker group also claimed responsibility for a cyberattack on U.S.-based medtech company Stryker last week.
- Poland's government said Thursday it foiled a cyberattack, potentially linked to Iran, targeting one of its nuclear research facilities.
Between the lines: These digital strikes offer an early glimpse of how Iran could retaliate against the U.S. and Israel as the war escalates — and what that retaliation could mean for domestic businesses and their customers.
- Nearly a week after the attack, Stryker says its online ordering system remains offline.
- In past conflicts, Iranian hackers have also threatened to tamper with local water supplies on several occasions.
Threat level: What makes Iran a formidable cyber adversary is its unpredictability paired with the scope of its digital resources and preparation.
- Iranian cyber actors are known for laying the groundwork for cyberattacks and influence operations months or even years before geopolitical tensions escalate.
- Like Russia, Tehran often relies on proxy groups, including hacktivists and ransomware gangs, to carry out attacks. That makes it harder for governments to respond with sanctions, indictments or other diplomatic tools.
- Russian-linked hacktivists also appear to be aligning with Iran in the current conflict, allegedly targeting Israeli critical infrastructure.
Zoom in: Researchers at Symantec and Carbon Black said they found evidence that Iranian hackers installed backdoors on the networks of several U.S. companies in late February.
- A consortium of industry-specific Information Sharing and Analysis Centers — which coordinate cyber threat information sharing across critical infrastructure sectors — also issued an advisory last week warning companies to prepare for potential digital retaliation.
The intrigue: Adversaries' growing influence capabilities add another layer of risk. Advances in AI have made it easier to generate and manage large networks of bot accounts that can distort information online.
- On Sunday, President Donald Trump accused Iran of using AI as a "disinformation weapon" — and claimed, without evidence, that the regime was working closely with Western news organizations to spread those stories.
- A recent New York Times investigation found more than 110 unique AI-generated images and videos about the war circulating on social media platforms over the last two weeks. Collectively, these videos have been seen millions of times on TikTok, Facebook, X and private messaging apps.
What to watch: The war is still in its early stages, and U.S. companies are being urged to review their cybersecurity defenses as the risk of further attacks grows.
