News brief: Strikes on Iran put cybersecurity teams on alert

Check out the latest security news from the Informa TechTarget team.

The joint U.S.-Israeli strikes this week against Iran have resulted in retaliatory actions across the Gulf region that range from military to cyber.

Pro-Iran groups have launched cyberattacks, lashing out against Israel, America and their allies in a demonstration of how cyber and physical warfare intersect. These responses have been described as a form of hacktivism -- politically motivated attacks intended to advance ideological or geopolitical goals rather than generate financial gain.

Sophos' Counter Threat Unit Research Team said on Tuesday it has seen a surge in pro-Iran hacktivist activity since the military actions began with the Feb. 28 bombings in Tehran, with several hacktivist groups sharing misinformation and inciting violence. "Iranian groups routinely target publicly disclosed vulnerabilities rather than exploiting zero-days, so organizations should prioritize patching vulnerabilities listed in CISA's Known Exploited Vulnerabilities Catalog," the researchers wrote.

Companies, especially those in utilities, should be extra vigilant, the Foundation for Defense of Democracies advised. "Iranian hackers have in the past successfully compromised critical components of essential services because utilities misconfigured systems, did not change default passwords or failed to install software patches to fix known vulnerabilities," the nonpartisan research organization wrote in a brief published Wednesday.

This week's featured news demonstrates that best practices in cybersecurity matter even more in moments of geopolitical danger.

Pro-Iran cyberattacks target energy and defense companies

The U.S.-Israeli military strikes on Iran have triggered a wave of retaliatory cyberattacks from Iran-linked groups. These attacks include DDoS hits, critical infrastructure breaches and data exfiltration campaigns targeting the U.S., Israel and their allies. Groups tied to Iran's Islamic Revolutionary Guard Corps and Ministry of Intelligence and Security, along with sympathetic hacktivists, have launched operations under campaigns described as #OpIsrael.

Key targets include Saudi Arabia's Aramco facility, an AWS data center in the United Arab Emirates, and Israeli defense and energy systems. Hacker groups such as Cotton Sandstorm and the FAD Team have executed SQL injection campaigns, leaked sensitive data and disrupted critical services in Bahrain, Saudi Arabia and Qatar. Pro-Iranian and pro-Russian groups, including the Cyber Islamic Resistance and NoName057(16), have also joined the fray, targeting Israeli infrastructure and defense systems.

Researchers warn of intensified cyberthreats aimed at causing global economic disruption and infrastructure damage. To mitigate risks from this escalating conflict, experts encourage cybersecurity teams to implement MFA and enhance monitoring.

Read the full article by Elizabeth Montalbano on Dark Reading.

Hackers sympathetic to Iran exploit IP camera vulnerabilities

Iran-linked hackers have intensified attacks on surveillance cameras, targeting critical vulnerabilities in Hikvision and Dahua products, according to Check Point Research. Exploited flaws include a command injection vulnerability (CVE-2023-6895), a remote-command execution vulnerability (CVE-2025-34067) and an authentication bypass flaw (CVE-2021-33044).

The attacks, focused on the Persian Gulf and Middle East regions, have impacted devices in Israel, Cyprus, Lebanon, Qatar, Kuwait and other states. Researchers noted these cyber activities often precede missile strikes, echoing tactics from the 2025 Israel-Iran conflict and the 2023 Israel-Hamas war.

Hackers affiliated with the Islamic Revolutionary Guard Corps have previously used similar exploits to target U.S. water facilities and other critical infrastructure sectors.

Read the full article by David Jones on Cybersecurity Dive.

At precarious time, turmoil surrounds CISA leadership

CISA's ability to address escalating cyberthreats, including those from Iran-linked actors, has come into question as the agency struggles with depleted resources and a lack of Senate-confirmed leadership. CISA's acting director was pushed out of the agency's top spot just a week ago, and the Trump administration's stalled nomination for permanent director might be in trouble.

Sean Plankey departed his position in the Department of Homeland Security this week. While Plankey framed his DHS exit as voluntary, sources suggest he was escorted out of a government building over conflicts within CISA and strained relations with Homeland Security Secretary Kristi Noem, who was removed from her post on Thursday.

There's some confusion about whether Plankey remains the Trump administration's top choice to lead CISA. CBS News reported that Plankey's renomination in January might have been the result of an administrative error. The White House denied any error.

Read the full article by Eric Geller on Cybersecurity Dive.

Editor's note: An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing.

Phil Sweeney is an industry editor and writer focused on cybersecurity topics.
