Infrastructure authorities and federal agents continue to keep a watchful eye for potential cyberattacks linked to Iran
In 2025, there has been a significant surge in cyberattacks linked to Iranian actors, targeting critical infrastructure sectors in the United States. This escalation, occurring amid ongoing Middle East conflicts, has been a cause for concern despite warnings issued by the U.S. Department of Homeland Security (DHS).
Iranian state-affiliated groups and pro-Iran hacktivists have intensified their campaigns, using various tactics such as phishing, ransomware, DDoS attacks, and exploitation of vulnerabilities. Sectors like energy, healthcare, finance, and transportation have been particularly affected.
The DHS highlighted this escalation in a June 22, 2025, National Terrorism Advisory System Bulletin, explicitly connecting the increased risks to current geopolitical tensions involving Iran. These cyber operations aim to disrupt services and steal sensitive data, supporting Iran’s strategic interests, indicating a significant cyber threat environment.
The threat has not been limited to the U.S., with Iranian cyber operations being active extensively against Israel following conflicts in 2023 and 2025. This demonstrates Tehran’s broader regional cyber warfare posture that relies heavily on asymmetric, covert cyber tactics due to limitations in conventional military responses.
Security teams are closely coordinating to monitor for suspicious activity in response to the potential threats from Iran-linked actors or hacktivist groups. As of now, there are no known credible threats to New Yorkers or the homeland, according to the Cybersecurity and Infrastructure Security Agency (CISA).
The state of New York remains in close contact with federal, state, and local partners on any new or evolving cybersecurity-related issues. New York State's Office of Information Technology Services is operating at heightened awareness, including protections against tactics, techniques, and procedures previously used by Iran and their allies.
CISA is actively coordinating with government, industry, and international partners to share actionable intelligence and strengthen collective defense. An apparent truce announced by President Donald Trump on Monday has lowered international tensions, but officials remain on guard for potential threat activity.
Researchers at Radware have observed a large increase in claimed distributed denial-of-service (DDoS) activity targeting U.S. critical infrastructure, including finance, government, and military-linked manufacturing. Israeli cyber firm Check Point Software reported that pro-Iran hacktivists are claiming responsibility for DDoS attacks on U.S. targets.
DHS Secretary Kristi Noem spoke to state governors and local officials about the potential threats on Sunday, emphasising the need for vigilance and preparedness. The warned attacks could target poorly configured water utilities and other systems.
Despite these concerns, a report from internet monitoring firm Censys on Monday stated that Iran has been in a near-total internet blackout since June 18. The Information Technology Information Sharing and Analysis Center and the Food and Agriculture Information Sharing and Analysis Center have not seen any confirmed attacks against their sectors in connection with the Iran threat.
In conclusion, while the situation remains fluid and requires continued vigilance, the collective efforts of security teams and coordination among partners are crucial in mitigating these cyber threats and protecting critical infrastructure.
- The escalated cyberattacks, attributed to Iranian actors, have raised privacy concerns as they target critical infrastructure sectors, specifically energy, healthcare, finance, and transportation, using tactics like phishing, ransomware, DDoS attacks, and exploitation of vulnerabilities.
- Technology plays a significant role in these cyber threat operations, as Iranian groups and hacktivists intensify their campaigns to disrupt services and steal sensitive data, supporting Iran’s strategic interests in the context of geopolitical tensions.
- In response to these threats, the Cybersecurity and Infrastructure Security Agency (CISA) emphasizes the importance of collaboration among security teams, federal partners, and international allies in sharing actionable intelligence to strengthen collective defense and protect against potential attacks.
