Full Report
The United States government has warned of cyber attacks mounted by pro-Iranian groups after it launched airstrikes on Iranian nuclear sites as part of the Iran–Israel war that commenced on June 13, 2025. Stating that the ongoing conflict has created a "heightened threat environment" in the country, the Department of Homeland Security (DHS) said in a bulletin that cyber actors are likely to
Analysis Summary
# Threat Actor: Pro-Iranian Hacktivists and Government-Affiliated Actors (Collective Threat)
## Attribution & Identity
The threat comprises two main categories of actors:
1. **Pro-Iranian Hacktivists:** Independent groups aligned with Iranian interests.
2. **Iranian Government-Affiliated Actors:** Cyber actors formally linked to the Iranian government.
**Known Aliases and Associated Groups:**
* **Team 313:** Specifically mentioned as claiming responsibility for an attack following US actions.
## Activity Summary
This summary pertains to anticipated and reported cyber activities following the U.S. airstrikes on Iranian nuclear facilities (Fordo, Natanz, and Isfahan) as part of the escalated Iran-Israel war commencing June 13, 2025. DHS warns of a "heightened threat environment."
* **Reported Activity:** Pro-Iranian group Team 313 claimed responsibility for a Distributed Denial-of-Service (DDoS) attack against President Trump's Truth Social platform in response to the U.S. military strikes.
* **Anticipated Activity:** DHS bulletin anticipates "low-level cyber attacks" from hacktivists and potential attacks from government-affiliated actors against U.S. networks.
## Tactics, Techniques & Procedures
- **Disruptive Cyber Attacks:** Attacks aimed at causing disruption.
- **Distributed Denial-of-Service (DDoS):** Used by Team 313 against the Truth Social platform.
- **Targeting Poorly Secured Networks:** Both hacktivists and state-aligned actors routinely target vulnerable U.S. networks and internet-connected devices.
## Targeting
- **Sectors:** U.S. networks generally; specific infrastructure targeted included social media/political platforms (e.g., Truth Social).
- **Geography:** United States networks.
- **Victims:** Specific victims mentioned include President Trump's **Truth Social platform**.
## Tools & Infrastructure
- **Malware Families Used:** Not specified in the provided text.
- **Infrastructure (C2, domains, IPs):** Not specified in the provided text.
## Implications
The cyber aggression signals an immediate escalation in the hybrid warfare component of the Iran-Israel conflict, extending into U.S. digital infrastructure in retaliation for U.S. military actions against Iran. The threat is characterized as potentially ranging from low-level hacktivist disruption to more sophisticated activity from state-backed entities.
## Mitigations
- **Enhancing Network Security:** Focus on hardening U.S. networks that are currently poorly secured.
- **Device Hardening:** Secure Internet-connected devices against disruptive attacks.
- **General Vigilance:** Maintain an increased cybersecurity posture in light of the "heightened threat environment" described by DHS.