Iranian hackers affiliated with the government breach American companies in the transportation and manufacturing sectors
In recent months, a series of cyber-attacks on U.S. critical infrastructure has been traced back to Iran-linked hacker groups. These groups, including MuddyWater, APT33, OilRig, CyberAv3ngers, FoxKitten, and Homeland Justice, have significantly expanded their activities, primarily targeting the transportation and manufacturing sectors.
The rise in these attacks coincides with the escalation of the Israel-Iran conflict. According to a report by Nozomi Networks, attacks increased notably in May and June 2025, with 28 reported, compared to 12 in March and April of the same year.
MuddyWater, known for targeting organisations across multiple countries, has been particularly active, targeting five U.S. firms. APT33, which focuses on the U.S., Israel, Saudi Arabia, the Netherlands, and Switzerland, targeted three. Other groups targeted two firms each.
MuddyWater, linked to Iran's Ministry of Intelligence and Security, has a history of attempting to hack telecommunications, defence, and energy firms. CyberAv3ngers, linked to Iran's Islamic Revolutionary Guard Corps, is known for recent attacks on industrial equipment controlling water systems and other infrastructure.
The U.S. government has issued warnings about potential cyber threats from these groups, advising heightened security measures for critical infrastructure. The Department of State is offering rewards for information on Iranian hackers linked to such attacks, particularly those involved in Industrial Control Systems (ICS) malware campaigns.
These Iran-linked threat groups have benefited from ongoing geopolitical tensions and conflicts. Their operations often coincide with broader strategic goals, such as retaliation for military actions against Iran. Pro-Iranian and pro-Palestinian hackers have claimed responsibility for DDoS attacks on U.S. banks, defence firms, and oil companies.
One year earlier, Bitdefender reported that Iran-linked operatives were trying to breach aviation firms in the Middle East. CISA has also issued a warning that Iran could use cyberspace to retaliate against the U.S. for stepping into the Israel-Iran conflict.
As the situation continues to evolve, it is crucial for U.S. firms to remain vigilant and implement robust cybersecurity measures to protect their critical infrastructure.
- The heightened activities of Iran-linked hacker groups, such as MuddyWater and CyberAv3ngers, in cyber-attacks on U.S. critical infrastructure increasingly reflect the escalation of the Israel-Iran conflict.
- With attacks notably higher this May and June than in previous months, privacy and security concerns are rising, and U.S. firms must prioritize cybersecurity measures to protect their critical technology systems from these Iran-linked threats.