Homeland Security warns businesses to brace for Iranian cyberattacks

Homeland Security is warning U.S. companies to “consider and assess” the possible impacts and threat of a cyberattack on their businesses following heightened tensions with Iran.

It’s the first official guidance published by the government’s dedicated cyber advisory unit, the Cybersecurity and Infrastructure Security Agency, just days after the killing of a leading Iranian military commander, Qasem Soleimani. The U.S. government had accused Soleimani of targeting and killing U.S. personnel across the Middle East.

Soleimani, an Iranian general who was slated as second-in-command in Iran’s leadership, was killed on Friday by a U.S. drone strike authorized by President Trump. The same drone strike killed Abu Mahdi al-Muhandis, a deputy in a coalition of Iran-backed militias in neighboring Iraq.

In its latest advisory, posted Monday, CISA said that the increased geopolitical tensions “may result in cyber and physical attacks against the homeland and also destructive hybrid attacks by proxies against U.S. targets and interests abroad.”

The agency said Iran and its allies could launch “disruptive and destructive cyber operations” against strategic targets, such as phone and energy companies, and also carry out “cyber-enabled espionage” that aims to better understand U.S. foreign policy decision making.

CISA also warned of disinformation campaigns, as well as kinetic attacks — including bombings. Companies should take precautions in the event of cyberattacks — such as setting up offline backups, the agency advised.

The warnings come shortly after security experts in the private sector warned of the possibility of retaliatory action following the drone strikes.

“We will probably see an uptick in espionage, primarily focused on government systems, as Iranian actors seek to gather intelligence and better understand the dynamic geopolitical environment,” said John Hultquist, director of intelligence analysis at cybersecurity firm FireEye. “We also anticipate disruptive and destructive cyberattacks against the private sphere,” he said.

Iran is one of the world’s most powerful adversaries in cyberspace, experts say.

Tehran has a considerable arsenal of offensive cyber tools, including wipers — malware designed to infiltrate computers and destroy data. Hackers associated with Iran have been active in targeting facilities in the Middle East in recent years. Dmitri Alperovitch, who co-founded security firm CrowdStrike, said in a tweet that Iran may target critical infrastructure, such as energy grids and financial institutions.

More recently, Microsoft said it had notified thousands of customers over the past year who have been targeted by nation-state attackers, including hackers associated with Iran. The software and services giant previously took legal action against Iranian-controlled domains in an effort to disrupt their cyber activities. In October, Microsoft said Iranian hackers targeted a 2020 presidential candidate, which Reuters later confirmed was President Trump’s reelection campaign.

The move to assassinate Soleimani was widely panned by both opponents and allies of the Trump administration. Critics say the government had not thought of the consequences of the strike, including both Iranian retaliation with kinetic force and cyberattacks.

Sen. Ron Wyden, a senior lawmaker on the Senate Intelligence Committee, said the killing was “a reckless escalation that will take us further down the road to ruinous war.” Meanwhile, in a lengthy tweet thread, Rep. Elissa Slotkin, a former CIA analyst who served under President Bush, also criticized the action.