In brief: Iran has accused the US of using hidden backdoors or pre-positioned botnets to disable networking equipment inside the country during recent military strikes. It claims that devices from Cisco, Juniper, Fortinet, and MikroTik either rebooted or dropped offline at critical moments.
The allegation, first pushed by Iranian state media and later by foreign outlets and Chinese publications, centers on hardware failures said to have occurred even while Iran remained largely cut off from the global internet.
According to reports from Fars and Entekhab, Tehran believes the disruptions point to deep sabotage rather than routine technical faults.
One theory is that malicious code was embedded in firmware or bootloaders and triggered at a predetermined time; another is that a covert botnet had already been planted on the affected devices and activated during the attacks.
That doesn't mean the claim has been proven. Independent verification is next to impossible because Iran has spent weeks heavily restricting internet access.
NetBlocks said this week that he country's blackout had stretched beyond 50 days, while Al Jazeera reported that authorities were still offering limited, tiered connectivity through "Internet Pro" and less restricted "white SIM" access for selected groups. Essentially, the same blackout Tehran says should have prevented outside interference also makes the accusation far harder to verify.
The vendors named by Iran have a history of security issues. NSA documents leaked by Edward Snowden in 2014 showed the agency intercepting Cisco routers in transit and installing implants before delivery.
Juniper, meanwhile, disclosed unauthorized code in ScreenOS in 2015 that could allow remote administrative access and VPN decryption.
Fortinet has also faced scrutiny over hardcoded SSH credentials in older FortiOS builds, while MikroTik gear has repeatedly surfaced in botnet and backdoor research.
China has been quick to seize the opportunity to gloat (see the image above). Chinese state media and cyber agencies have echoed Iran's claims as further evidence that Washington, not Beijing, is the real backdoor superpower.
The US has not publicly addressed the specific allegation, although it has already acknowledged cyber operations as part of Operation Epic Fury.