Generic coding language design with red background

Iran Cyber Threat Overview and Advisories

CISA works to ensure U.S. critical infrastructure, government partners, and others have the information and guidance to defend themselves against Iran state-sponsored cybersecurity activity.

Ahead of the U.S. election in 2024, Iran may attempt to conduct influence operations aimed at U.S. interests, including targeting U.S. elections, having demonstrated a willingness and capability to do so in the past. During the U.S. election cycle in 2020, Iranian cyber actors obtained or attempted to obtain U.S. voter information, sent threatening emails to voters, and disseminated disinformation about the election.

Recent Iranian state-sponsored activity has included malicious cyber activity against operational technology devices by Iranian Government Islamic Revolutionary Guard Corps (IRGC)-affiliated APT cyber actors. The following actions are key to strengthening operational resilience against this threat:

  • Implement multifactor authentication.
  • Use strong, unique passwords. 
  • Check programmable logic controllers for default passwords.
Outline of the country of Iran with flag and binary number background.

Iran State-Sponsored Activity Targeting Vulnerable OT Devices

The U.S. government has attributed cyber intrusions on vulnerable operational technology devices to Iranian Government Islamic Revolutionary Guard Corps (IRGC)-affiliated cyber actors. IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors details this activity.

View advisory
STOCK -Cyber Alert and Advisory

CISA and Joint CISA Advisories

Review Iran-specific advisories here.

View Publications

Key Resources

Advanced Persistent Threats

Defending Against Nation-State Cyber Threats

Find more information on Nation-State adversaries and related resources.