Cyber Threat Overview: Iran

Iran engages in persistent, brazen cyber activity against the United States and our allies. Iranian cyber actors attempt to infiltrate U.S. networks, target dissidents, conduct cyberattacks, and carry out influence campaigns.

Since 2010, Iran has invested heavily in enhancing its cyber capabilities, leading to a rise in attacks on U.S. infrastructure—including hospitals, telecommunications providers, and defense contractors. The FBI is focused on countering these threats to protect national security and public safety.

Iranian cyber tactics

Iranian hackers often exploit targets of opportunity based on unpatched or outdated software with known vulnerabilities. They use techniques like automated password guessing, hash cracking, and inputting default manufacturer passwords to target networks and devices. They may collude with cybercriminal groups to deploy ransomware attacks and leak sensitive information. Recently, hacktivist groups affiliated with the Islamic Revolutionary Guard Corps (IRGC) have targeted Israeli-made industrial equipment in multiple critical infrastructure sectors, causing disruptions across multiple U.S. states.

Iranian cyber actors have attempted to interfere in U.S. elections by stealing information from political campaigns and engaging in voter intimidation efforts. The Iranian regime has also shown a willingness to retaliate against U.S. officials linked to high-profile events, leveraging its cyber program to advance such threats.

The FBI remains vigilant, actively releasing advisories and collaborating with private sector partners to strengthen defenses against these persistent threats. By informing the public and enhancing cybersecurity measures, the FBI aims to reduce the risks posed by Iranian cyber activities and protect national interests.
