Cyber weapons in the Israel-Iran conflict may hit the US

With Tehran’s military weakened, digital retaliation likely, experts tell *The Reg*

[Jessica Lyons](/Author/Jessica-Lyons) Fri 13 Jun 2025 // 22:07 UTC

The current Israel–Iran military conflict is taking place in the era of hybrid war, where cyberattacks amplify and assist missiles and troops, and is being waged between two countries with very capable destructive cyber weapons.

Iran is widely expected to retaliate against Israel’s missile strikes with cyber operations — and these could extend to American targets, according to cyber warfare experts and threat analysts.

"I would expect there to be a cyber component of both the Israeli and Iranian activities," former White House advisor Michael Daniel told *The Register*.

Daniel, who now leads the threat-intel sharing nonprofit Cyber Threat Alliance, said both countries "have the capability to conduct a range of activities, from fully reversible DDoS [distributed denial-of-service] attacks, which could disrupt online services temporarily, to destructive wiper attacks. At the very least, I am sure both sides are using cyber capabilities to conduct espionage and reconnaissance."

While cyber espionage began well before Israel’s June 13 strikes on Iran’s nuclear sites and military commanders, the worry is that Iran may launch destructive cyberattacks now that its military capabilities have been dealt a serious blow.

"Iranian cyber activity has not been as extensive outside of the Middle East but could shift in light of the military actions," Google threat intelligence group chief analyst John Hultquist said in an email sent to *The Register*. "Iranian cyber espionage activity already targets the US government, military, and political [sector], but new activity may threaten privately owned critical infrastructure, or even private individuals."

Tehran has the capacity to carry out destructive attacks — but to date, their success and technical sophistication have been limited.

In 2023, Iran’s [CyberAv3ngers](https://www.theregister.com/2023/12/04/iran_terrorist_us_water_attacks/) carried out intrusions across multiple US water systems, relying on default passwords for internet-accessible programmable logic controllers. In a second round of attacks, the Islamic Revolutionary Guard Corps-linked crew [used custom malware](https://www.theregister.com/2024/12/13/iran_cyberweapon_us_attacks/) to remotely control US and Israel-based water and fuel management systems.

But aside from posting videos bragging about the intrusions on their Telegram sites, the attackers didn’t really do anything with the access they gained to these critical systems.

"Fortunately, they didn’t understand what kind of access they had," Annie Fixler, director of the Center on Cyber and Technology Innovation at the national security think tank Foundation for Defense of Democracies, told *The Register*. "They could have caused significant disruption if they had been savvier."

If the loss of top generals and key facilities turns out to have crippled Iran’s chances of a successful military response, retaliation in cyberspace becomes an even bigger threat, she added.

"I would not be surprised to see Iran activate additional cyber operatives, instructing them to target anything and everything they can in Israel as well as in the United States," Fixler said. "Even if the directive doesn’t come from Tehran, pro-regime hackers can read the writing on the wall and will launch additional operations."

Israel has historically been fairly resilient against Iranian cyberattacks, according to Fixler. "The United States, however, has too many cyber vulnerabilities that Iran can exploit — particularly in small utilities and critical infrastructure operators," she added. "US companies should be on alert so that they do not become targets of opportunity for Iran."

* [Iran-linked crew used custom ‘cyberweapon’ in US critical infrastructure attacks](https://www.theregister.com/2024/12/13/iran_cyberweapon_us_attacks/)
* [US warns Iranian terrorist crew broke into ‘multiple’ US water facilities](https://www.theregister.com/2023/12/04/iran_terrorist_us_water_attacks/)
* [Hacktivist attacks erupt in Middle East following Hamas assault on Israel](https://www.theregister.com/2023/10/09/hacktivism_middle_east/)
* [Hacktivism resurges — but don’t be fooled, it’s often state-backed goons in masks](https://www.theregister.com/2025/04/13/hacktivism_is_having_a_resurgence/)
* [Israeli hacktivist group brags it took down Iran’s internet](https://www.theregister.com/2024/08/02/israeli_hacktivists/)

However, much as they have done in the past, we should expect Iranian hackers to exaggerate or make false claims about the success of these disruptive cyberattacks, Hultquist added. "The goal of many of these operations is psychological rather than practical, and it is important not to overestimate their impact," he said.

"When it comes to disruptive attacks, typically the Iranians have deployed wipers against targets in critical infrastructure and other organizations," Hultquist told *The Register*. "We will probably see more of that in Israel and we could see it in the US as well. In those cases, it’s not unusual for them to claim that the attack is far more impactful than it really is."

Cybersecurity advisor Tom Kellermann, who served on the Commission on Cyber Security under President Barack Obama, said he expects to see CyberAv3ngers and the Iranian Cyber Army launch destructive cyberattacks against water utilities, electric, and transportation infrastructure. "Wipers and [NotPetya-style ransomware](https://www.theregister.com/2017/06/28/petya_notpetya_ransomware/) will be used," he predicted.

Plus, he warned, it’s important to remember that Iran has an alliance with Russia and China, both of whom also have well-developed cyber weapons and government-backed cyber operatives at the ready.

"I foresee a systemic, pronounced campaign by not only the regime but [its] allies," he told *The Register*. "If the US gets embroiled, I foresee China launching cyberattacks on behalf of [its] ally. If Israel hits Iran’s oil, which China is the largest importer of, China will also act." ®

Related Tags: Playcrypt, Play, Midnight Blizzard

NAICS: 54 – Professional, Scientific, Technical Services

NAICS: 541 – Professional, Scientific, Technical Services

NAICS: 221 – Utilities

NAICS: 518 – Computing Infrastructure Providers, Data Processing, Web Hosting, Related Services

NAICS: 92 – Public Administration

NAICS: 22 – Utilities

Associated Indicators: