**DHS Warns of Escalating Cyber Threats from Iran-Backed Hackers Amid Rising Tensions**
The U.S. Department of Homeland Security (DHS) issued a National Terrorism Advisory System (NTAS) bulletin on Sunday, warning of heightened cyberattack risks from Iran-backed hacking groups and pro-Iranian hacktivists following recent geopolitical escalations. The advisory highlights a "heightened threat environment" in the U.S., with low-level cyberattacks likely targeting vulnerable networks.
The DHS cautioned that violent extremists within the U.S. could mobilize in response to the Israel-Iran conflict, particularly if Iranian leadership issues a religious ruling calling for retaliatory violence. The bulletin also noted that anti-Semitic and anti-Israel sentiment has already motivated recent domestic attacks, raising concerns about further violence.
The warning follows a pattern of Iranian state-affiliated hackers and hacktivists exploiting poorly secured U.S. networks. In October, authorities in the U.S., Canada, and Australia reported that Iranian hackers were acting as initial access brokers, breaching organizations in healthcare, government, IT, engineering, and energy sectors through brute-force attacks, password spraying, and MFA fatigue (push bombing).
A separate August advisory from CISA, the FBI, and the Defense Department’s Cyber Crime Center (DC3) identified Br0k3r (also known as Pioneer Kitten, Fox Kitten, and other aliases) as a state-sponsored Iranian threat group involved in selling access to compromised networks to ransomware affiliates in exchange for a share of profits.
While the DHS did not explicitly link the NTAS bulletin to recent events, the warning comes after U.S. strikes on Iranian nuclear facilities—including Fordow, Natanz, and Isfahan—on Saturday, just over a week after Israel targeted Iranian nuclear and military sites on June 13. Iran’s Foreign Minister, Abbas Araghchi, responded by warning of "everlasting consequences" and asserting Iran’s right to defend its sovereignty.
{
  "id": "FBICISUS-UNI1767786135",
  "linkid": "fbi, cisagov, us-department-of-homeland-security, united-states-department-of-defense",
  "type": "Cyber Attack",
  "date": "1/2026",
  "severity": "100",
  "impact": "6",
  "explanation": "Attack threatening the economy of geographical region"
}
{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'U.S.',
                        'name': 'Healthcare sector organizations',
                        'type': 'Sector'},
                       {'industry': 'Government',
                        'location': 'U.S.',
                        'name': 'Government organizations',
                        'type': 'Sector'},
                       {'industry': 'Information Technology',
                        'location': 'U.S.',
                        'name': 'Information Technology sector organizations',
                        'type': 'Sector'},
                       {'industry': 'Engineering',
                        'location': 'U.S.',
                        'name': 'Engineering sector organizations',
                        'type': 'Sector'},
                       {'industry': 'Energy',
                        'location': 'U.S.',
                        'name': 'Energy sector organizations',
                        'type': 'Sector'}],
 'attack_vector': ['Brute-force attacks',
                   'Password spraying',
                   'MFA fatigue (push bombing)'],
 'description': 'The U.S. Department of Homeland Security (DHS) issued a '
                'warning about escalating cyberattack risks from Iran-backed '
                'hacking groups and pro-Iranian hacktivists. The advisory '
                'highlights a heightened threat environment in the U.S. due to '
                'the Iran conflict, with low-level cyberattacks likely '
                'targeting poorly secured networks. The warning also notes the '
                'potential for increased violent extremist activity in the '
                'U.S. in response to the conflict.',
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes (ransomware '
                                                    'affiliates)',
                           'entry_point': ['Brute-force attacks',
                                           'Password spraying',
                                           'MFA fatigue (push bombing)']},
 'motivation': ['Retaliation for U.S. attacks on Iranian nuclear facilities',
                'Financial gain (ransomware payments)',
                'Political/ideological (anti-Semitic or anti-Israel '
                'sentiment)'],
 'references': [{'source': 'U.S. Department of Homeland Security (DHS) '
                           'National Terrorism Advisory System bulletin'},
                {'source': 'CISA, FBI, and DC3 advisory on Br0k3r threat '
                           'group'}],
 'threat_actor': ['Iran-backed hacking groups',
                  'Pro-Iranian hacktivists',
                  'Br0k3r (Pioneer Kitten, Fox Kitten, UNC757, Parisite, '
                  'RUBIDIUM, Lemon Sandstorm)'],
 'title': 'DHS Warning of Escalating Cyberattack Risks by Iran-Backed Hacking '
          'Groups',
 'type': 'Cyberattack, Initial Access Brokerage, Ransomware',
 'vulnerability_exploited': 'Poorly secured networks, MFA vulnerabilities'}