American hospitals and essential infrastructure are reportedly on alert, anticipating Iran-backed cyberattacks in response to the US strikes on Tehran’s nuclear facilities, CNN reported on Tuesday, citing informed sources.
In the days since the Saturday strikes, the US power grid’s cyberthreat-sharing monitor has reportedly begun monitoring the dark web for signs of Iranian activity, and hospital executives have been briefed by the Federal Bureau of Investigation (FBI).
While Iran and Israel are abiding by a shaky ceasefire agreement, experts have warned that Tehran may still seek revenge against the US for its involvement in the war, beyond attacks on US bases in the region. Cyberattacks allow Tehran to target the US in a way that is not limited by the countries’ geographical distance and follows a previous pattern of the regime. The FBI blamed Tehran for a 2021 cyberattack against a Boston children’s hospital.
“Iran’s kinetic retaliation is already in motion, and the digital dimension to that may not be far behind,” Adam Meyers, a senior vice president at cybersecurity firm CrowdStrike, told CNN on Monday. “This cyber element is what lets them extend their reach, and there’s an air of deniability to it.”
Department of Homeland Security (DHS) intelligence analysts have also previously warned that Iran may “target” US officials if Tehran believes the regime is at risk, according to a DHS bulletin from Sunday obtained by CNN.
“Low-level cyber attacks against US networks by pro-Iranian hacktivists are likely, and cyber actors affiliated with the Iranian government may conduct attacks against US networks,” DHS said in a public advisory Sunday.
The warnings to hospitals and essential infrastructure reported by CNN also came only a day before the Associated Press reported that US banks, defense contractors, and oil industry companies have come under attack by Tehran-supporting pro-Palestinian hackers.
Two pro-Palestinian hacking groups claimed responsibility for attacks on over a dozen aviation firms, banks and oil companies since the US strikes, AP reported.
Iran's cyberattacks against Israel
Beyond targeting the US, Tehran may continue its war against Israel with cyberattacks. The National Cyber Directorate issued an urgent warning to homeowners with security cameras and business owners to immediately change their camera access passwords on Friday morning, ahead of the US attacks.
"The enemy may use home cameras for espionage and detecting vulnerabilities," the Directorate’s official statement cautioned.
Since the warning, the Iranian group Handala claimed responsibility for the Sunday morning hacking of the X/Twitter account of the Israel Antiquities Authority.
The activists made a post on the Israel Antiquities Authority's X page, with a picture of an Iranian missile and Supreme Leader Ayatollah Ali Khamenei, along with text that read "Soon, all Israeli commanders will face the consequences of their war crimes. Nothing will stop the day when a harsh revenge is exacted on those who have committed such heinous acts."
Handala has previously claimed responsibility for cyberattacks against Israel. In January, the Iranian group claimed responsibility for breaching the emergency systems of Maager-Tec at 20 kindergartens across Israel, playing rocket sirens, Arabic messages, and songs that support terror.
Yinon Ben Shoshan and Jerusalem Post Staff contributed to this report.