Current Cyber Threats

Hacktivists Launch DDoS Attacks at U.S. Following Iran Bombings

Summary:
In the wake of U.S. airstrikes on Iranian nuclear facilities on June 21, 2025, several Iran-aligned hacktivist groups launched cyberattacks against American military, defense, and financial institutions. Notable groups such as Mr. Hamza, Team 313, Cyber Jihad, and Keymous+ claimed responsibility for a series of DDoS attacks targeting U.S. Air Force domains, aerospace companies, and banks. These actions were framed as retaliation for the U.S. involvement in the escalating conflict between Israel and Iran, which has seen an exchange of missile and drone strikes since June 13.

The Department of Homeland Security (DHS) issued a warning on June 22, cautioning that low-level cyberattacks from pro-Iranian actors were likely and that more severe cyber threats from Iranian government-affiliated groups could also materialize. To date, many of the hacktivist claims have been supported by uptime monitoring screenshots, although the credibility of some, such as a purported attack on Truth Social by Team 313, remains questionable.

Security Officer Comments:
These cyberattacks are part of a broader digital escalation linked to the geopolitical tensions in the Middle East. According to cybersecurity firm Cyble, out of 88 hacktivist groups in the region, 81 are aligned with Iran. While the majority of attacks observed to date, including ransomware and data leaks, have targeted Israeli entities, researchers note that the cyber aggression has expanded to include the U.S. and regional players like Jordan, Egypt, and the UAE.

Despite the growing number of incidents, the scale of attacks on the U.S. is smaller than the volume seen in the Middle East. However, the situation remains volatile, with DHS also warning of the possibility of physical reprisals if Iran’s leadership were to issue religious calls for retaliation.

Suggested Corrections:
(Cyble) Organizations that could be vulnerable to hacktivism are advised to invest in DDoS protection and to take steps to ensure against data breaches, website defacements, and increasingly, ransomware and critical infrastructure attacks. That means hardening and segmenting critical and web-exposed assets; a risk-based vulnerability management program; Zero-Trust access principles; ransomware-resistant backups; network, endpoint, and cloud monitoring; and well-rehearsed incident response plans.

Link(s):
https://cyble.com/blog/hacktivists-launch-ddos-attacks-at-us-iran-bombings/