As the war that began with U.S. and Israeli airstrikes on Iran entered its second week, U.S. intelligence warned of the possibility of Iranian cyber retaliation. The reason, it said, is that Iranian religious leaders urged Muslims worldwide to seek retribution for the death of the supreme leader.
According to a CNN report on the 10th, citing national security sources and internal documents, U.S. intelligence agencies over the past week have issued a series of private warnings to U.S. corporations and government agencies, urging heightened vigilance and strengthened security for potential targets in case the Iranian regime carries out cyberattacks in retaliation for the war.
The Department of Homeland Security (DHS), which has the Office of Intelligence and Analysis (I&A) under it, said in a notice to a U.S. law enforcement agency that "no specific or credible, identified threat has been confirmed," but warned that "the threat environment has escalated since the death of Ayatollah Ali Khamenei, Iran's supreme leader." Khamenei died on the 28th of last month along with top military brass in U.S. and Israeli airstrikes.
In a "critical incident note," DHS cited open-source intelligence (OSINT) to say that two senior Iranian religious leaders each issued a "fatwa" in Persian and urged Muslims worldwide to take revenge for Khamenei's killing.
DHS said in the notice that "these fatwas, the Iranian government's rhetoric, and online messages by regime supporters calling for retaliation against the United States are further heightening the threat from violent extremists who support the Iranian regime."
Earlier, the DHS Office of Intelligence and Analysis, in a threat assessment report released on the 28th of last month immediately after the war broke out, assessed that "while Iran and its proxies may attempt targeted attacks against the United States, the likelihood of large-scale physical attacks is low." The latest warning is a step up from then.
A proclamation by Iran's Islamic Revolutionary Guard Corps (IRGC) also contributed to raising the alert level among U.S. intelligence. In the proclamation, the IRGC warned that "enemies will no longer be safe anywhere in the world, even in their own homes."
A U.S. law enforcement official familiar with the matter said, "Since the United States and Israel began the strikes, the Federal Bureau of Investigation (FBI) has raised its alert posture nationwide." Intelligence agencies are focusing in particular on strengthening cybersecurity for U.S. energy infrastructure, bolstering cyber defenses for government-related targets against sophisticated Iranian cyberattack actors, and enhancing border security.
The likelihood of cyberattacks targeting private corporations has also grown. In a notice to private corporations, U.S. intelligence noted that the U.S. financial institutional sector has historically been a primary target of cyberattacks, warning that "groups linked to Iran continue to claim or call for cyberattacks against U.S. institutions, which could lead to an increase in malicious activity against the financial services institutional sector."
For defense corporations, the FBI and the National Security Agency (NSA) also warned of potential Iranian cyberattacks, noting that "defense corporations that hold assets or partnerships with Israeli research institutes or defense companies are at higher risk of attack."