Today, CISA, in collaboration with the Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA), released a joint Fact Sheet titled “Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest.” This document is a direct response to increasing cyber activity from Iranian state-sponsored or affiliated threat actors, including hacktivists and government-linked groups, who are expected to escalate their operations due to recent geopolitical events.
The Fact Sheet emphasizes that, although there are currently no indications of a coordinated campaign of malicious cyber activity in the U.S. directly attributed to Iran, organizations—especially those in critical infrastructure—are urged to remain vigilant. Iranian cyber actors have historically exploited vulnerabilities such as unpatched or outdated software, default or weak passwords on internet-connected devices, and have conducted disruptive cyberattacks, including DDoS campaigns and ransomware attacks.
Key recommendations from the Fact Sheet include:
• Identifying and disconnecting operational technology and industrial control systems devices from the public internet
• Protecting devices and accounts with strong, unique passwords
• Applying the latest software patches
• Implementing phishing-resistant multifactor authentication for access to OT networks
• Reviewing and updating incident response plans
• Rehearsing critical system recovery efforts
Organizations are also encouraged to report suspicious or criminal activity related to potential Iranian cyber threats to the relevant authorities. The Fact Sheet is intended to provide actionable guidance to help strengthen defenses against this evolving cyber threat.
Below is the introduction to the fact sheet.
Publish Date
June 30, 2025
Related topics:
CISA, the Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA) published Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest. This joint fact sheet details the need for increased vigilance for potential cyber activity against U.S. critical infrastructure by Iranian state-sponsored or affiliated threat actors.
Defense Industrial Base companies, particularly those possessing holdings or relationships with Israeli research and defense firms, are at increased risk.
At this time, we have not seen indications of a coordinated campaign of malicious cyber activity in the U.S. that can be attributed to Iran. However, CISA urges owners and operators of critical infrastructure organizations and other potentially targeted entities to review this fact sheet to learn more about the Iranian state-backed cyber threat and actionable mitigations to harden cyber defenses. For an overview of the Iranian threat, refer to CISA’s Iran Threat Overview and Advisories and the FBI’s The Iran Threat webpages.
You can read and download the full text of the fact sheet below.
