“Despite a declared ceasefire and ongoing negotiations towards a permanent solution, Iranian-affiliated cyber actors and hacktivist groups may still conduct malicious cyber activity,” the agencies warned.
The warning of continued cyberthreats after a halt to conventional warfare reflects the often opaque nature of cyber conflict. Hacking groups may have only loose ties to a nation state, and may seek to retaliate as an alternative to traditional military action.
The bulletin outlined recommendations, including the use of regular software updates and strong password management systems to shore up digital defenses.
Hackers backing Tehran have targeted U.S. banks, defense contractors and energy companies following American strikes on Iranian nuclear facilities — but so far have not caused widespread disruptions.
While it lacks the technical abilities of China or Russia, Iran has long used its more limited capabilities to steal secrets, score political points or frighten opponents.
Analysts have tied some of these activities to groups working on behalf of Iran's military and intelligence agencies. But in other instances, the groups appear to act independently.