The Department of Homeland Security issued a National Terrorism Advisory Bulletin (NTAS) on June 22, 2025, warning about cyberattack risks related to recent tensions between the US and Iran. This alert follows U.S. airstrikes on June 21, 2025, which targeted key Iranian nuclear facilities, Fordow, Natanz, and Isfahan, under President Donald Trump’s orders, in an attempt to neutralize what he’s called “the nuclear threat posed by the world’s No. 1 state sponsor of terror.”
The DHS bulletin, set to expire on September 22, 2025, flagged the increased likelihood of low-level cyberattacks against U.S. networks by pro-Iranian hacktivists and potential actions from Iranian government-affiliated actors. “Low-level cyber attacks against U.S. networks by pro-Iranian hacktivists are likely, and cyber actors affiliated with the Iranian government may conduct attacks against U.S. networks,” the alert stated.
Iran’s Longstanding Cyber Strategy
The DHS alert emphasized that Iranian-affiliated groups have a long history of targeting poorly secured U.S. networks and internet-connected devices for disruptive cyberattacks, primarily through DDoS attacks. Brian Harrell, former DHS assistant secretary, has also pointed out the increase in Iran’s capabilities. “Iran’s cyber strategy is likely [in] cooperation with Russia, which, given current tensions, could be a real possibility,” Harrell noted, referencing the 2012 Shamoon virus that crippled over 30,000 computers in major energy companies.
In 2024, Iranian-backed cyber actors breached U.S. water infrastructure in response to Israel’s military actions against Iran. The bulletin warned that similar tactics might be used to retaliate against U.S. airstrikes on Iran’s nuclear sites.
Growing Use of Social Engineering
The DHS bulletin also noted Iran’s increasing use of social engineering tactics. Shortly after the U.S. airstrikes, an Iranian hacker group claimed responsibility for a DDoS attack on Trump’s social media platform, Truth Social. This attack, which briefly took the platform offline, followed Trump’s announcement of the strikes on Iran’s nuclear facilities.
Additionally, Iranian-backed groups have utilized artificial intelligence tools for spreading disinformation, as explained in a previous OpenAI blog. The report detailed how Iranian actors used fake news websites to influence U.S. voters during the 2024 election cycle. Although the campaign failed to gain significant traction, it demonstrated the persistence of Iranian information warfare tactics.
Risk of Retaliatory Violence
The DHS alert also addressed the risk of physical violence in the U.S., noting that Iranian supporters and extremist groups might mobilize in response to the ongoing conflict. The alert warned that the threat of hate crimes or attacks against individuals perceived as Jewish, pro-Israel, or linked to the U.S. government or military could increase.
“The conflict could also motivate violent extremists and hate crime perpetrators seeking to attack targets perceived to be Jewish, pro-Israel or linked to the U.S. government or military in the homeland,” the DHS added.
Preventative Measures and Public Awareness
Given the increased risks from Iranian-linked cyber actors, DHS advises U.S. businesses, government agencies, and individuals to follow cybersecurity best practices and stay vigilant. The department recommends employing DDoS mitigation strategies and monitoring for signs of data exfiltration or any unauthorized access attempts. Organizations are encouraged to report suspicious activities to local law enforcement, or the FBI through the National Suspicious Activity Reporting Initiative.
Comments on Ceasefire Talks
Meanwhile, on June 24, 2025, President Trump publicly voiced his frustration with the ongoing conflict between Iran and Israel in spite of initiatives to broker a ceasefire. “These guys got to calm down. Ridiculous,” Trump remarked after a missile attack from Iran targeted Israel, escalating tensions. Trump had earlier brokered a ceasefire between the two nations, but the violence continued, with Israel confirming a missile strike that killed four people in Israel.
The rising tensions between Israel and Iran have already contributed to heightened threat assessments across global security environments. The DHS alert also noted that if Iranian leadership issues a religious ruling calling for retaliatory violence, there could be an increase in extremist actions within the U.S.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.
Questions or concerns? Feel free to reach out to us any time –
https://www.netizen.net/contact
