U.S. Authorities Warn of Expanded Iranian Threats, Cyberattacks Amid Regional Tensions

U.S. federal authorities have issued warnings regarding potential retaliatory actions by Iran on American soil, citing ongoing U.S. and Israeli operations. These threats reportedly encompass cyberattacks targeting critical infrastructure, physical plots involving sleeper cells and lone actors, and assassination attempts against U.S. officials. The warnings coincide with a reported expansion of pro-Iranian hacking activities into the United States and concerns about staffing challenges within U.S. counterterrorism agencies.

Heightened Threat Landscape and Official Warnings

Federal counterterrorism authorities in the U.S. have alerted local law enforcement about potential retaliatory strikes from Iran, following ongoing U.S. and Israeli operations. Potential methods of retaliation include the activation of sleeper cells, actions by affiliated Iranian groups, lone wolf sympathizers, and targeted cyberattacks.

The Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) have been on a heightened alert status since February 28, the date "Operation Epic Fury" reportedly began. A DHS threat assessment indicated that Iran relies on individuals with pre-existing access to the United States for surveillance and plotting.

On February 28, cryptic messages, beginning with "Tavajjoh!" (Persian for "attention") and containing a sequence of numbers, were broadcast globally on a new shortwave radio frequency. Federal authorities detected this broadcast, describing it as "likely of Iranian origin," and suggested it could serve as an "operational trigger" for "sleeper assets" in the U.S. While a memo reported by ABC News called for heightened vigilance, no specific credible threat has been confirmed.

Expanding Cyber Operations and Targets

Pro-Iranian hacking groups are reportedly expanding their targeting from the Middle East into the United States, raising concerns about digital disruption to U.S. defense contractors, power stations, and water plants. Iran has developed its offensive cyber capabilities and established connections with various hacking groups. Objectives of these cyber operations include disrupting U.S. military support, increasing energy costs, straining cyber resources, and impacting American companies linked to the defense industry.

Recent Cyber Incidents

  • Internet Disruption in Iran: On February 28, Iran’s internet connectivity significantly dropped. U.S. Joint Chiefs of Staff Chairman Gen. Dan Caine confirmed U.S. Cyber Command was involved in "coordinated space and cyber operations" that disrupted Iranian communications and sensor networks.

  • Stryker Cyberattack: U.S. medical technology firm Stryker reported a cyberattack on Wednesday, causing a temporary "global network disruption to our Microsoft environment." The company stated no malware or ransomware was involved and believed the situation was contained. The logo of Handala, a hacking group linked to Iran, reportedly appeared on Stryker's login pages, and the group claimed responsibility on social media. Handala stated the attack was in response to alleged U.S. strikes and its primary objective is data destruction rather than financial gain. Palo Alto Networks describes Handala as directly linked to Iran's Ministry of Intelligence and Security, primarily conducting cyber operations against Israeli targets.

  • Amazon Data Center Damage: Iranian drone strikes reportedly damaged Amazon data centers in the region, affecting facilities in the UAE and causing infrastructure damage near a Bahraini facility. Amazon Web Services confirmed structural damage, power disruptions, and fire suppression activities.

Identified Potential Targets

Iran's semi-official Tasnim News Agency, associated with the Islamic Revolutionary Guard Corps (IRGC), identified major U.S. tech companies—Amazon, Microsoft, Palantir, and Oracle—as potential targets. The agency stated that "Iran's legitimate targets are gradually expanding" with the expansion of regional conflict dimensions. These companies maintain offices and cloud infrastructure across the Middle East.

Anticipated future targets include U.S. defense contractors, government vendors, businesses collaborating with Israel, and critical infrastructure such as hospitals, ports, water plants, power stations, and railways. Hackers have reportedly discussed intentions to target data centers believed to host military communication and targeting systems, as well as accessing cameras in neighboring countries for intelligence gathering.

Attack Methods and Vulnerabilities

Pro-Iranian hackers and their allies often target less secure systems in the United States, such as local water plants and healthcare facilities, because such facilities reportedly have limited resources for robust security measures. Common attack methods include:

  • Denial-of-service (DoS) attacks: Overwhelming networks to prevent legitimate user access.
  • Website defacements: Altering website content to disrupt communication.
  • Hack-and-leak operations: Threatening to release stolen sensitive information.

Cybersecurity professionals emphasize the importance of maintaining strong cyber hygiene, including system patching, updated security solutions, and management of user accounts.

Potential International Collaboration

Analysts are monitoring the possibility of Russia, China, or their allied hacking groups providing cyber assistance to Iran. Evidence suggests pro-Iranian hackers in Russia have increased activity, with one group, Z-Pentest, claiming responsibility for disrupting U.S. networks, including closed-circuit video cameras, with timing indicating a focus on U.S. interests. China has reportedly adopted a cautious stance regarding cyber assistance.

Physical Threats and Past Plots

Assassination Plots Against U.S. Officials

  • Following a 2020 U.S. airstrike that killed Iranian Gen. Qassem Soleimani, Iran reportedly sought to target former Secretary of State Mike Pompeo and former National Security Advisor John Bolton.
  • Shahram Poursafi, identified as a member of Iran’s IRGC, was charged by the Department of Justice (DOJ) with attempting to hire individuals to assassinate Bolton between October 2021 and April 2022 for $300,000. Poursafi remains a fugitive.
  • In 2024, Asif Raza Merchant was convicted for a murder-for-hire plot targeting former President Trump and others, and attempting an act of terrorism. Merchant, recruited in Karachi in 2022 or early 2023, reportedly received training from the IRGC.
  • In November 2024, the DOJ charged Farhad Shakeri, an Afghan national residing in Tehran, in a separate plot where he was tasked by the IRGC to hire someone to assassinate former President Trump.

Lone Actor and Domestic Incidents

U.S. officials express concern over "lone actors" radicalized online, who have proven difficult to prevent. International conflicts can act as "accelerants" for disaffected individuals. Recent domestic incidents include:

  • In New York City, federal authorities stated two men, reportedly inspired by the Islamic State, brought homemade bombs to a protest.
  • In Michigan, an individual rammed his vehicle into a synagogue and later died by suicide after being shot by security.
  • In Virginia, a man previously imprisoned on a terrorism conviction reportedly opened fire in a university classroom, yelling "Allahu akbar," before being killed by students.
  • In Austin, Texas, an incident where three were killed and 13 wounded is being examined for a potential "nexus to terrorism" after Iranian leadership was targeted.
  • An FBI bulletin regarding Iran's potential for a drone attack targeting California was later clarified as unverified, with no specific plot known.

Border Security and Iranian Proxies

Counterterrorism experts note a threat from Iranian government-associated proxies, such as Hezbollah and the Houthi movement, with a Rand report indicating Hezbollah had a significant network in Latin America. Former police official Horace Frank mentioned proxies traditionally using California for financing.

In 2023, two Iranian nationals on a U.S. security watch list were apprehended at the Texas-Mexico border. Customs & Border Patrol Commissioner Rodney Scott warned that "thousands of Iranian nationals have been documented entering the United States illegally" between 2022 and 2025. Experts suggest Iranians with government ties may use fake identities, citing a document-forging hub unmasked in São Paulo.

Law Enforcement Preparedness and Agency Challenges

The Los Angeles Police Department (LAPD) has prepared for various threats since the September 11 attacks and maintains a "heightened level of awareness" regarding "lone wolves" potentially inspired by events in the Middle East. Southern California has a large population of Iranian descent.

White House Deputy Press Secretary Anna Kelly stated the U.S. has been prepared for "Operation Epic Fury" and is aware of potential Iranian targets. Kelly also indicated that Iranian ballistic missile attacks have decreased by 90 percent and drone attacks by 83 percent.

Challenges in Counterterrorism System

The U.S. counterterrorism system faces challenges due to experienced national security professionals reportedly departing from the FBI and Justice Department. Retired senior FBI official Frank Montoya commented on a significant loss of experience within counterterrorism personnel, leading to concerns about the capability to address a potential increase in threats.

The Justice Department's National Security Division has seen approximately half of its counterterrorism prosecutors and about a third of its senior leadership depart since the beginning of the Trump administration, according to Justice Connection. A DOJ spokesperson affirmed the division's focus on national security and stated there are no known credible threats to the homeland. Matthew Olsen, who previously led the National Security Division, expressed concern that these agencies are "not as capable as they were a year and a half ago" due to the loss of experienced personnel.