TL;DR: The Iranian government has been behind several cyberattacks on US organizations over the years. Now, the Department of Homeland Security has warned of an increased threat of both cyberattacks and physical attacks from the nation following US strikes on its nuclear facilities over the weekend.

Homeland Security has warned that low-level cyberattacks against US networks by pro-Iranian hacktivists and cyber actors affiliated with the Iranian government are likely.

The advisory adds that the likelihood of extremists in Iran independently mobilizing to violence in response to the conflict would likely increase if Iranian leadership issued a religious ruling calling for retaliatory violence against American targets.

The DHS notes that both hacktivists and Iranian government-affiliated actors routinely target poorly secured US networks and internet-connected devices for disruptive cyberattacks.

Between November 2023 and January 2024, the IRGC-linked hacktivist group "Cyber Av3ngers" waged a campaign against small US water and wastewater sites running Israeli-made Unitronics PLCs. After finding internet-exposed controllers still using default (or no) passwords, the group logged in, wiped the ladder logic, changed port settings, renamed devices "Gaza," and plastered the screens with the message "You have been hacked, down with Israel." Federal investigators say at least 75 Unitronics devices – including 34 at US water utilities – were compromised across multiple states; the most visible incident briefly knocked a pressure-booster pump offline at the Municipal Water Authority of Aliquippa, PA, until operators switched to manual mode, averting service disruption.

James Turgal, a 22-year FBI veteran and VP of global cyber risk at Optiv, told The Register that he expects Iran's retaliation to come in the form of destructive wiper and malware cyberattacks against US government websites, the financial services sector, and critical infrastructure entities such as water and power.

Turgal added that an Iran-aligned hacking group, 313 Team, took credit for a DDoS attack on Donald Trump's Truth Social network within hours of the strikes on Iranian nuclear facilities.

Turgal said he also expects to see many Russian-style fake propaganda videos and accounts, especially on social media. While deepfakes are commonly used in these instances, several pro-Iranian videos have been circulating showing footage from Arma 3 and War Thunder, alongside claims that they are real clips of Israeli jets being shot down.

It's not just cyberattacks, either; there's the risk of increased assassination attempts against Americans – the DHS post warns that Iran has a long-standing commitment to target US government officials and critics of its regime. "US law enforcement has disrupted multiple potentially lethal Iranian-backed plots in the United States since 2020," according to the agency. "During this timeframe, the Iranian government has also unsuccessfully targeted critics of its regime who are based in the Homeland for lethal attack."