DHS Drops Warning About Iran Launching Cyberattacks Against The US
A DHS NTAS Bulletin is out that everyone should read given the escalated situation between the US and Iran:
The ongoing Iran conflict is causing a heightened threat environment in the United States. Low-level cyber attacks against US networks by pro-Iranian hacktivists are likely, and cyber actors affiliated with the Iranian government may conduct attacks against US networks. Iran also has a long-standing commitment to target US Government officials it views as responsible for the death of an Iranian military commander killed in January 2020. The likelihood of violent extremists in the Homeland independently mobilizing to violence in response to the conflict would likely increase if Iranian leadership issued a religious ruling calling for retaliatory violence against targets in the Homeland. Multiple recent Homeland terrorist attacks have been motivated by anti-Semitic or anti-Israel sentiment, and the ongoing Israel-Iran conflict could contribute to US-based individuals plotting additional attacks.
Tom Pace, former Head of Cyber for the Department of Energy (DoE) and current CEO of NetRise, provides his thoughts on what CISOs in the US are doing to prepare for potential retaliatory cyberattacks by Iran:
CISOs are moving quickly to prepare for potential Iranian retaliation in cyberspace by tightening access controls, validating backups, and watching for TTPs tied to groups like APT33 and APT34, which are tied to Iran. Coordination with ISACs and federal partners is essential to stay current on threat intelligence and emerging attack patterns.
This moment reinforces the urgency of visibility to know what code is running where, what it’s connected to, and whether it’s vulnerable or end-of-life. Software supply chain security is no longer an abstract concept. It’s a frontline defense against adversaries who exploit opaque systems. CISOs are asking: if Iranian actors drop a custom wiper tomorrow, would we know which systems could execute it?
Iran is going to be targeting low-hanging fruit vulnerabilities that they know they can exploit, or target outdated SOHO routers and infrastructure for the purposes of creating low to moderate scale botnets.
China tends to have very explicit goals and outcomes that they are pursuing, which tend to center around intelligence gathering and positioning. Iran may be looking to cause more destruction, given the attacks on their country. These targets may be small and incapable of defending themselves and hold little to no strategic value, but Iran needs to have a response that provides the illusion that they are a competent actor on the world stage.
This threat, while directed at the US, may spill over to countries aligned with the US. So if you’re responsible for defending your organization from cyberattacks, consider this a heads-up to redouble your efforts regardless of where you are.
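One concrete way to act on the “validating backups” point in the quote above, and on the wiper question that follows it, is to check that a backup is not merely present but untampered, fresh, and actually restorable. The script below is an added example written for this post; it is not code from NetRise, DHS, or the post’s author. The manifest layout (per-file SHA-256 digests plus a whole-archive digest and a creation timestamp), the sample file names and their contents are constructed assumptions for illustration, not any vendor’s backup format.

```python
"""Backup validation check: integrity manifest, freshness, and a real restore.

Added example; the manifest layout and sample files are constructed
assumptions for illustration, not any vendor's backup format.
"""
import hashlib
import io
import json
import os
import tarfile
import tempfile


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_backup(files: dict, created_at: int):
    """Build a gzip tar plus a manifest of per-file and whole-archive hashes.
    `files` maps archive path -> bytes (constructed sample data)."""
    buf = io.BytesIO()
    manifest = {"created_at": created_at, "files": {}}
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, data in sorted(files.items()):
            info = tarfile.TarInfo(name=path)
            info.size = len(data)
            info.mtime = created_at
            tar.addfile(info, io.BytesIO(data))
            manifest["files"][path] = sha256_hex(data)
    archive = buf.getvalue()
    manifest["archive_sha256"] = sha256_hex(archive)
    return archive, manifest


def verify_backup(archive: bytes, manifest: dict, now: int, max_age_s: int = 86400):
    """Return {'ok': bool, 'problems': [...]} after three checks: the archive
    hash matches the manifest, the backup is fresh enough, and a restore into
    a scratch directory reproduces exactly the manifested files. A wiper that
    trashed the archive or a backup job that silently stopped shows up here
    before you need the restore for real."""
    problems = []
    if sha256_hex(archive) != manifest.get("archive_sha256"):
        problems.append("archive hash mismatch")
    if now - manifest.get("created_at", 0) > max_age_s:
        problems.append("backup older than max_age")

    restored = {}
    with tempfile.TemporaryDirectory() as scratch:
        root = os.path.realpath(scratch)
        try:
            with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
                for member in tar.getmembers():
                    dest = os.path.realpath(os.path.join(root, member.name))
                    # Refuse entries that would escape the restore directory.
                    if not dest.startswith(root + os.sep):
                        problems.append(f"unsafe path in archive: {member.name}")
                        continue
                    if not member.isfile():
                        continue
                    os.makedirs(os.path.dirname(dest), exist_ok=True)
                    with open(dest, "wb") as out:
                        out.write(tar.extractfile(member).read())
        except (tarfile.TarError, EOFError, OSError) as exc:
            problems.append(f"archive unreadable: {exc}")
            return {"ok": False, "problems": problems}
        for dirpath, _, names in os.walk(root):
            for name in names:
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                with open(full, "rb") as fh:
                    restored[rel] = sha256_hex(fh.read())

    expected = manifest.get("files", {})
    for path, digest in expected.items():
        if path not in restored:
            problems.append(f"missing after restore: {path}")
        elif restored[path] != digest:
            problems.append(f"content mismatch: {path}")
    for path in restored:
        if path not in expected:
            problems.append(f"unexpected file after restore: {path}")
    return {"ok": not problems, "problems": problems}


# Constructed sample data standing in for a real backup set.
SAMPLE_FILES = {
    "etc/app/config.yaml": b"db_host: db01\nlisten: 0.0.0.0:8443\n",
    "var/db/customers.sql": b"CREATE TABLE customers (id INT, name TEXT);\n",
}
CREATED_AT = 1_750_000_000  # fixed epoch so the freshness check is deterministic


def run_demo():
    """Exercise the good case and three failure modes; returns all four results."""
    archive, manifest = make_backup(SAMPLE_FILES, CREATED_AT)
    good = verify_backup(archive, manifest, now=CREATED_AT + 3600)
    stale = verify_backup(archive, manifest, now=CREATED_AT + 3 * 86400)
    # Manifest disagrees on one file: simulates data altered before backup.
    altered = json.loads(json.dumps(manifest))
    altered["files"]["var/db/customers.sql"] = "0" * 64
    drift = verify_backup(archive, altered, now=CREATED_AT + 3600)
    # Flip the archive's last byte: simulates a trashed or partially wiped archive.
    damaged = archive[:-1] + bytes([archive[-1] ^ 0xFF])
    corrupt = verify_backup(damaged, manifest, now=CREATED_AT + 3600)
    return {"good": good, "stale": stale, "drift": drift, "corrupt": corrupt}


if __name__ == "__main__":
    for label, result in run_demo().items():
        print(label, "OK" if result["ok"] else result["problems"])
```

The point of the restore step is that a hash check alone proves only that the bytes you stored are the bytes you still have; it does not prove the archive unpacks, and in a wiper scenario the copy that matters is the one kept where the attacker’s credentials cannot reach it, so run this against the offline or immutable copy rather than the on-host one.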
June 23, 2025 at 3:49 pm
[…] today I posted a story warning about Iran launching cyberattacks on the US. But it seems that Iran has to worry about […]