Iranian-backed hackers go to work after US strikes

WASHINGTON — Hackers backing Tehran have targeted U.S. banks, defense contractors and oil industry companies following American strikes on Iranian nuclear facilities — but so far have not caused widespread disruptions to critical infrastructure or the economy.

But that could change if the ceasefire between Iran and Israel collapses or if independent hacking groups supporting Iran make good on promises to wage their own digital conflict against the U.S., analysts and cyber experts say.

The U.S. strikes could even prompt Iran, Russia, China and North Korea to double down on investments in cyberwarfare, according to Arnie Bellini, a tech entrepreneur and investor.

Bellini noted that hacking operations are much cheaper than bullets, planes or nuclear arms — what defense analysts call kinetic warfare. America may be militarily dominant, he said, but its reliance on digital technology poses a vulnerability.

''We just showed the world: You don't want to mess with us kinetically,'' said Bellini, CEO of Bellini Capital. ''But we are wide open digitally. We are like Swiss cheese."

Hackers have hit banks and defense contractors

Two pro-Palestinian hacking groups claimed they targeted more than a dozen aviation firms, banks and oil companies following the U.S. strikes over the weekend.

The hackers detailed their work in a post on the Telegram messaging service and urged other hackers to follow their lead, according to researchers at the SITE Intelligence Group, which tracks the groups' activity.

The attacks were denial-of-service attacks, in which a hacker tries to disrupt a website or online network.

''We increase attacks from today,'' one of the hacker groups, known as Mysterious Team, posted Monday.

Federal authorities say they are on guard for additional attempts by hackers to penetrate U.S. networks.

The Department of Homeland Security issued a public bulletin Sunday warning of increased Iranian cyber threats. The Cybersecurity and Infrastructure Security Agency issued a statement Tuesday urging organizations that operate critical infrastructure like water systems, pipelines or power plants to stay vigilant.

While it lacks the technical abilities of China or Russia, Iran has long been known as a ''chaos agent'' when it comes to using cyberattacks to steal secrets, score political points or frighten opponents.

Cyberattacks mounted by Iran's government may end if the ceasefire holds and Tehran looks to avoid another confrontation with the U.S. But hacker groups could still retaliate on Iran's behalf.

In some cases, these groups have ties to military or intelligence agencies. In other cases, they act entirely independently. More than 60 such groups have been identified by researchers at the security firm Trustwave.

These hackers can inflict significant economic and psychological blows. Following Hamas' Oct. 7, 2023, attack on Israel, for instance, hackers penetrated an emergency alert app used by some Israelis and directed it to inform users that a nuclear missile was incoming.

''It causes an immediate psychological impact," said Ziv Mador, vice president of security research at Trustwave's SpiderLabs, which tracks cyberthreats.

Economic disruption, confusion and fear are all the goals of such operations, said Mador, who is based in Israel. ''We saw the same thing in Russia-Ukraine.''

Collecting intelligence is another aim for hackers

While Iran lacks the cyberwarfare capabilities of China or Russia, it has repeatedly tried to use its more modest operations to try to spy on foreign leaders — something national security experts predict Tehran is almost certain to try again as it seeks to suss out President Donald Trump's next moves.

Last year, federal authorities charged three Iranian operatives with trying to hack Trump's presidential campaign. It would be wrong to assume Iran has given up those efforts, according to Jake Williams, a former National Security Agency cybersecurity expert who is now vice president of research and development at Hunter Strategy, a Washington-based cybersecurity firm.

''It's fairly certain that these limited resources are being used for intelligence collection to understand what Israel or the U.S. might be planning next, rather than performing destructive attacks against U.S. commercial organizations,'' Williams said.

The Trump administration has cut cybersecurity programs and staff

Calls to bolster America's digital defense come as the Trump administration has moved to slash some cybersecurity programs as part of its effort to shrink the size of government.

CISA has placed staffers who worked on election security on leave and cut millions of dollars in funding for cybersecurity programs for local and state elections.

The CIA, NSA and other intelligence agencies also have seen reductions in staffing. Trump abruptly fired Gen. Timothy Haugh, who oversaw the NSA and the Pentagon's Cyber Command.

The Israel-Iran conflict shows the value of investments in cybersecurity and cyber offense, Mador said. He said Israel's strikes on Iran, which included attacks on nuclear scientists, required sophisticated cyberespionage that allowed Israel to track its targets.

Expanding America's cyber defenses will require investments in education as well as technical fixes to ensure connected devices or networks aren't vulnerable, said Bellini, who recently contributed $40 million toward a new cybersecurity center at the University of South Florida.

There is a new arms race when it comes to cyberwar, Bellini said, and it's a contest America can't afford to lose.

''It's Wile E. Coyote vs. the Road Runner,'' Bellini said. "It will go back and forth, and it will never end.''