SecureWorld News

Iranian Cyber Threats Loom as DHS Issues National Terrorism Advisory

Written by Drew Todd | Tue | Jun 24, 2025 | 10:37 PM Z

The U.S. Department of Homeland Security (DHS) issued a new National Terrorism Advisory System (NTAS) bulletin on June 22nd, warning of an "elevated threat environment" in the United States amid global unrest and rising tensions with foreign adversaries like Iran. While the alert highlights threats both physical and digital, cybersecurity professionals are zeroing in on the increased likelihood of Iranian-backed cyber activity targeting U.S. organizations and infrastructure.

"In the current heightened threat environment," the DHS bulletin states, "state actors may seek to exploit developments overseas to carry out malign influence operations and cyberattacks against critical infrastructure or key institutions."

That warning has prompted discussion across the cybersecurity community, including from former CISA Director Jen Easterly, who emphasized vigilance and resilience in the face of global instability in a LinkedIn post.

Destructive malware and mobile surveillance: Iran's capabilities

Iran's cyber arsenal includes more than basic espionage. Experts warn that Iran-linked threat actors have deployed destructive malware and persistent mobile surveillance campaigns with increasing technical sophistication.

"Iran has become a global cyber power, and for businesses especially, this means the risk is not merely disruption, but sophisticated data-wiping malware which is designed to erase data and render systems unbootable," said Ted Miracco, CEO of Approov.

"Iran-linked groups like Domestic Kitten specialize in long-standing mobile surveillance operations.... These attack vectors demonstrate Iran's comprehensive capacity to conduct cyber warfare."

Visible, strategic retaliation is a likely threat

Lawrence Pingree, Vice President at Dispersive, said he believes Iranian cyber retaliation will be bold and designed to make a statement, particularly targeting sectors that could create economic disruption.

"Whatever Iran's response, it'll likely be highly visible to prove a point," said Pingree. "Disruptions in oil and gas can cause significant economic harm, so attacks that affect these types of commodities can be attractive outcomes to disrupt economies and investors."

Pingree recommends that organizations heighten monitoring for tactics, techniques, and infrastructure previously associated with Iranian groups.

Balancing vigilance with practical strategy

While concern is warranted, Evan Dornbush, CEO of Desired Effect and former NSA cybersecurity expert, cautions against fear-based reactions or opportunistic vendor marketing.

"If companies are going to have 'shields up,' it should be from unscrupulous salespeople looking to profit off of hype and fear," said Dornbush. "Reacting to news is an outdated and unnecessary approach rendered obsolete by the shift to proactive cybersecurity strategies."

Instead, Dornbush encourages security leaders to lean on existing cyber threat intelligence channels and focus on proactive resilience measures.

The renewed DHS advisory and expert warnings serve as a reminder that Iranian cyber capabilities are real, persistent, and increasingly destructive. Organizations—especially those in critical infrastructure sectors like energy, healthcare, and finance—should remain alert for signs of wiper malware, espionage campaigns, and mobile surveillance activity.

But rather than react out of fear, security leaders are encouraged to double down on threat intelligence, reinforce proactive defenses, and stay grounded in long-term resilience strategies that can withstand both geopolitical shocks and opportunistic cyber activity.
