DHS warns of heightened cyber threats from Iran after U.S. strikes on nuclear facilities
By isabelle // 2025-06-24
Copy
 
  • DHS warns of heightened cyberattack and violence risks from Iranian-backed groups following U.S. strikes on Iran’s nuclear facilities.
  • Iran may escalate cyberattacks if a retaliatory fatwa is issued, targeting U.S. infrastructure like power grids and water systems.
  • U.S. forces struck three Iranian nuclear sites, with confirmed damage at Fordow, raising tensions and potential retaliation.
  • Iranian hackers often lurk in U.S. systems, waiting to strike, while pro-Iran groups have already attacked Israeli targets.
  • A fatwa from Iran’s Supreme Leader could trigger domestic extremism, prompting law enforcement to increase security at high-risk locations.
The Department of Homeland Security (DHS) has issued a warning to Americans: The U.S. is now facing an elevated risk of cyberattacks and potential violence from Iranian-backed actors following President Donald Trump’s military strikes on Iran’s nuclear facilities. In a national terrorism advisory bulletin released June 22, DHS stated that “low-level cyber attacks” by pro-Iran hackers are “likely” and cautioned that the threat could escalate if Tehran issues a religious fatwa calling for retaliation. The advisory, which remains in effect until September 22, underscores Iran’s “long-standing commitment” to avenge the 2020 assassination of General Qasem Soleimani—a vow that now looms larger amid heightened tensions. The warning comes just hours after U.S. forces launched precision strikes on three of Iran’s key nuclear sites—Fordow, Isfahan, and Natanz—in an operation dubbed “Midnight Hammer.” While the full extent of the damage remains unclear, the International Atomic Energy Agency (IAEA) confirmed visible destruction at Fordow’s underground enrichment facility. Iran, a known state sponsor of terrorism, has historically leveraged cyber warfare as a tool of asymmetric retaliation, and experts warn that U.S. critical infrastructure—particularly water utilities, power grids, and transportation systems—could be prime targets.

Cyber warfare on the horizon

DHS’s bulletin highlights the immediate risk posed by Iran’s “sophisticated and persistent” cyber operatives, who have repeatedly exploited weak security configurations in U.S. networks. According to Gregory Falco, a Cornell University cybersecurity expert, Iranian hackers often lurk undetected in critical systems, waiting to strike. “They generally are not doing anything; they are quietly hanging out there and waiting to pounce when ready,” Falco told USA Today. “It doesn’t take long for them to take action; it takes long for them to get inside those systems.” Iran’s cyber strategy relies heavily on psychological impact, often exaggerating the scale of its attacks to sow chaos. Pro-Iranian hacktivist groups have already launched more than three dozen cyber operations against Israeli targets since mid-June, ranging from distributed denial-of-service (DDoS) attacks to data leaks. John Hultquist, chief analyst at Google’s Threat Intelligence Group, noted that while Iran has primarily focused on Israel, the U.S. strikes could “reprioritize” American networks for retaliation. “In light of recent developments, the likelihood of disruptive cyberattacks against U.S. targets by Iranian actors has increased,” Hultquist said.

A ticking clock for retaliation

The DHS advisory stresses that the threat level could spike if Iran’s Supreme Leader, Ayatollah Ali Khamenei, issues a fatwa, a religious decree explicitly calling for violence against U.S. interests. While Khamenei refrained from such a move after Soleimani’s killing, the direct U.S. involvement in bombing nuclear sites raises the stakes. The bulletin warns that a fatwa could “motivate violent extremists and hate crime perpetrators” within the U.S., including antisemitic attacks targeting Jewish communities. Federal law enforcement agencies are already on high alert. The New York Police Department announced it was deploying additional resources to “religious, cultural, and diplomatic sites” as a precaution, while the Michigan State Police urged vigilance. Homeland Security Secretary Kristi Noem emphasized the need for preparedness, stating, “It is our duty to keep the nation safe and informed, especially during times of conflict.”

Weak defenses, high stakes

Iran’s cyber operatives have a history of targeting poorly secured critical infrastructure. In recent years, hackers linked to Iran’s Islamic Revolutionary Guard Corps (IRGC) breached water utilities using default passwords and exposed industrial control systems. The Environmental Protection Agency has since worked to shore up vulnerabilities, but experts warn that many systems remain dangerously exposed. With the advisory set to expire in September, DHS and the FBI are urging businesses, local governments, and individuals to bolster cyber defenses. Recommendations include enabling multi-factor authentication, patching known software vulnerabilities, and monitoring for unusual network activity. Whether through cyber sabotage, proxy violence, or domestic extremism, the regime’s retaliation could unfold in unpredictable ways—and the U.S. must be ready. For now, the ball is in Iran’s court. But the shadow war between Tehran and Washington has just entered a dangerous new phase. Sources for this article include: TheEpochTimes.com CybersecurityDive.com CBSNews.com USAToday.com Politico.com
Copy