Iran’s cyber capabilities, while not as advanced as those of China or Russia, are far from negligible. Groups like CyberAv3ngers, tied to the IRGC, have a track record of targeting critical infrastructure with disruptive tactics. Between November 2023 and January 2024, these actors breached U.S. water and wastewater facilities, exploiting internet-connected devices with default or no passwords. Their defacement message—“You have been hacked, down with Israel”—was a clear signal of their intent to blend geopolitical motives with digital disruption. Such attacks often aim for psychological impact, sowing fear and chaos as much as physical damage.
Experts note that Iran’s strategy often involves “access brokering,” where hackers infiltrate systems and lie in wait, sometimes for years, until a strategic moment arises. This approach mirrors a predator stalking prey, patiently holding onto vulnerabilities until the time is right to strike. Unlike China’s Volt Typhoon, which has prepositioned itself in U.S. water systems with potential wartime sabotage in mind, Iran’s attacks tend to be less sophisticated but more unpredictable. They favor distributed denial-of-service (DDoS) attacks, wiper malware, and phishing campaigns to overwhelm or erase critical systems, often exaggerating their successes for propaganda purposes.
Vulnerable Systems, High Stakes
The fragility of U.S. critical infrastructure is a glaring concern. Many water and healthcare facilities operate with outdated equipment, some running software decades old, making them easy targets for exploitation. Joshua Corman, a cybersecurity expert at the Institute for Security and Technology, likens these vulnerabilities to the “thermal exhaust port” on the Death Star—a single point of failure that can cause catastrophic damage if hit. Most of these facilities lack dedicated cybersecurity staff or budgets to implement robust defenses, leaving them ill-equipped to counter threats like Iran’s CyberAv3ngers or other state-backed groups.
The recent escalation with Iran, following U.S. strikes on June 21, 2025, has put these systems on high alert. The Department of Homeland Security (DHS) issued a National Terrorism Advisory System bulletin on June 22, warning of likely cyberattacks by pro-Iranian hacktivists and government-affiliated actors targeting poorly secured U.S. networks. Hospitals, power grids, and water plants are particularly at risk, given Iran’s history of hitting such targets. For instance, in 2021, the FBI attributed a cyberattack on Boston Children’s Hospital to Tehran, highlighting the real-world consequences of digital warfare on vulnerable populations.
The Broader Geopolitical Context
Iran’s cyber operations are part of a broader “hybrid” warfare strategy, blending digital attacks with physical and psychological tactics. The ongoing Israel-Iran conflict, intensified by the October 7, 2023, Hamas attacks and subsequent Israeli strikes, has fueled a tit-for-tat cyber exchange. Iranian hackers have targeted Israeli hospitals and gas stations, while pro-Israel groups like Predatory Sparrow have hit Iranian financial institutions, including a recent $90 million cryptocurrency heist. U.S. companies and infrastructure could get caught in the crossfire, especially as Iran seeks to retaliate for American military actions.
Unlike Israel, which boasts sophisticated cyber capabilities through units like Unit 8200, Iran draws its strength from an asymmetric approach. Experts suggest that Iran is more likely to target Israel first but could shift focus to the U.S. if provoked further. The Cybersecurity and Infrastructure Security Agency (CISA) and other federal agencies are urging critical infrastructure operators to bolster defenses, emphasizing measures like multifactor authentication and strong passwords. However, the lack of coordinated federal support, compared to past efforts like CISA’s “Shields Up” program before Russia’s 2022 invasion of Ukraine, has raised concerns about preparedness.
Preparing for the Worst
Strengthening U.S. infrastructure against cyber threats requires urgent action. CISA and the FBI recommend basic but effective measures: implementing multifactor authentication, replacing default passwords on programmable logic controllers (PLCs), and securing internet-connected devices. Information Sharing and Analysis Centers (ISACs) for sectors like food, aviation, and healthcare are also stepping up, sharing real-time threat intelligence to counter Iranian tactics. For example, the Food and Ag-ISAC and IT-ISAC issued a joint alert urging companies to harden defenses against potential supply chain attacks, which could ripple across global networks.
Despite these efforts, the challenge is daunting. Small utilities and hospitals often lack the resources to upgrade legacy systems or hire cybersecurity experts. Iran’s hackers, while not as technically advanced as their Chinese or Russian counterparts, exploit these gaps with persistence and opportunism. The U.S. power grid’s cyberthreat-sharing center and hospital executives are actively monitoring the dark web for signs of Iranian activity, but the sheer scale of vulnerabilities makes comprehensive defense difficult.
A Call for Resilience
As the U.S. navigates this heightened threat environment, the focus must be on resilience. Cyberattacks from Iran may not match the scale of a missile strike, but their potential to disrupt daily life—cutting off water, crashing hospital systems, or halting power—is undeniable. The DHS warning underscores the need for vigilance, but it also highlights a broader truth: the digital battlefield is now inseparable from physical conflicts. For critical infrastructure operators, the priority is clear—patch vulnerabilities, strengthen defenses, and prepare for a fight that could come without warning.
The U.S. has the tools and expertise to counter Iran’s cyber threats, but closing the gap requires investment and coordination. As one expert put it, “With great connectivity comes great responsibility.” The question is whether the nation can act swiftly enough to protect its most vital systems from a determined and unpredictable adversary.