On June 30, 2025, a Joint Advisory was issued by the National Security Agency, the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation and the Department of Defense Cyber Crime Center issued a Joint Cybersecurity Information Sheet (CIS) titled “Iranian Cyber Actors May Target Vulnerable U.S. Networks and Entities of Interest,” warning that:
Despite a declared ceasefire and ongoing negotiations towards a permanent solution, Iranian Islamic Revolutionary Guard Corps (IRGC)-affiliated cyber actors—including hacktivists and Iranian government-affiliated actors—may target U.S. devices and networks for near-term cyber operations. These actors have historically targeted poorly secured U.S. networks and internet-connected devices for disruptive cyberattacks, often exploiting targets of opportunity, outdated software, and the use of default or common passwords on internet-connected accounts and devices.
The CIS further notes that “Iranian state-sponsored or affiliated threat actors are likely to significantly increase their Distributed Denial of Service (DDoS) campaigns, and potentially also conduct ransomware attacks.” The CIS notes that Defense Industrial Base companies, “particularly those possessing holdings or relationships with Israeli research and defense firms,” are at particular increased risk.
Therefore, the CIS recommends that “organizations, especially those within U.S. critical infrastructure, [should] remain vigilant for the outlined potential targeted malicious cyber activity.”
The CIS outlines the tools and techniques utilized to target vulnerable networks and devices, including unpatched or outdated software, or using compromised, default or common passwords on internet-connected accounts and devices. The threat actors also:
Use techniques such as automated password guessing, cracking password hashes using online resources, and inputting default manufacturer passwords. When specifically targeting operational technology (OT), these malicious cyber actors also use system engineering and diagnostic tools to target entities such as engineering and operator devices, performance and security systems, and vendor and third-party maintenance and monitoring systems.
The CIS provides strategies that entities can deploy to prevent or mitigate the attacks, which are helpful tools to prepare during this time of increased risk.
[View source.]
