Threat Brief: Escalation of Cyber Risk Related to Iran
Summary:
The recent conflict between Iran, Israel, and the US has heightened the risk of cyber spillover. Iranian threat groups have been expanding their global operations, including using generative AI for social engineering and influence operations. These activities are in addition to traditional tactics such as targeted spear-phishing campaigns and exploitation of known vulnerabilities.
Iranian nation-state actors employ a range of tactics, techniques, and procedures (TTPs) in pursuit of both espionage and disruption. This includes covert infrastructure for espionage: fake websites that collect extensive visitor data (browser, device, and network details), which suggests a strategic intelligence-gathering objective rather than simple credential theft. Iranian threat groups have also been observed using AI-generated content to make malicious PDF lures more convincing.
The use of generative AI in cyber attacks is a relatively new development, but it can significantly increase the effectiveness of these threats. Generative AI can produce fluent, well-formatted phishing emails, documents, and web pages in the target's language, removing the spelling and grammar mistakes that users and some filters have traditionally relied on to spot lures. Organizations should therefore not depend on user recognition alone and should assume a higher click-through rate on AI-assisted lures when planning their technical controls.
In addition to the threat posed by Iranian nation-state actors, there is also a risk of hacktivists supporting Iran launching disruptive attacks on US-based interests both domestically and abroad. These attacks could include DDoS campaigns targeting critical infrastructure, as well as influence operations on social media platforms.
Security Officer Comments:
The threat landscape for organizations in the coming months will be complex and dynamic. Iranian nation-state actors are likely to continue their expansion into new regions, including Europe and Asia. Hacktivists supporting Iran may also launch attacks against US-based interests, both domestically and abroad. Cybercriminal groups could opportunistically exploit global uncertainty to launch phishing campaigns, using world events as a theme for malicious emails and attachments. Other nation-state actors (e.g. China, Russia) could use the situation to further their interests through false-flag operations that imitate Iranian tooling or hacktivist personas, so attribution of any observed activity should be treated with caution.
Suggested Corrections:
This is a critical time for organizations to be vigilant about potential Iranian threat actor activity. The use of generative AI in social engineering makes it essential to rely on technical controls rather than user recognition alone. The NIST Cybersecurity Framework provides a solid foundation for mitigating the risk of cyber spillover.
In line with the TTPs described above, organizations should prioritize the following: patch internet-facing systems against known exploited vulnerabilities, since exploitation of known flaws remains a primary initial access vector; enforce phishing-resistant multi-factor authentication and tighten filtering of inbound PDF and other document attachments; verify that DDoS mitigation and failover arrangements are in place for public-facing services that hacktivists could target; and monitor for connections to newly registered or look-alike domains that may be part of covert collection infrastructure. Organizations must also be prepared to respond quickly and effectively in the event of a breach. This requires a tested incident response plan, as well as regular training for employees on phishing and social engineering tactics, with awareness material updated to reflect that AI-assisted lures may show none of the traditional warning signs.
Link(s):
https://unit42.paloaltonetworks.com/iranian-cyberattacks-2025/