Over the weekend, the Department of Homeland Security has issued a public bulletin warning that pro-Iranian hackers and state-aligned cyber groups may soon ramp up their attacks on American targets.
The advisory, released over the weekend, says the current conflict in the Middle East has created a more volatile environment at home. It notes that while high-impact attacks aren’t guaranteed, smaller-scale cyber intrusions—particularly by politically motivated “hacktivists”—are becoming more likely.
Federal officials also warned that, under certain circumstances, extremist violence could increase domestically—especially if Iranian leaders publicly call for retaliation. The report ties this concern to a broader trend, pointing out that recent acts of violence in the U.S. have been driven by anti-Semitic and anti-Israel ideologies.
Security experts are paying close attention to a group known in intelligence circles as Br0k3r (also called Pioneer Kitten, UNC757, and other aliases). This group has a track record of breaking into vulnerable networks and selling access to cybercriminals who later deploy ransomware. They’re believed to be tied to the Iranian government.
The DHS didn’t mention last week’s military operations directly, but the timing suggests a connection. On Saturday, the U.S. military reportedly struck key Iranian nuclear facilities at Fordow, Natanz, and Isfahan—just days after Israel launched similar attacks.
In a statement, Iran’s Foreign Minister Abbas Araghchi responded sharply, calling the U.S. operation a provocation and warning of serious consequences.
Meanwhile, the digital battlefield is heating up. Shortly after the airstrikes, a pro-Iranian hacker group named Team 313 claimed it had taken down former President Donald Trump’s Truth Social platform using a DDoS attack. The claim hasn’t been verified, but cybersecurity analysts say it fits the recent pattern of escalating cyber skirmishes tied to the broader Iran-Israel conflict.
The DHS bulletin also echoes earlier alerts from cybersecurity agencies in the U.S., Canada, and Australia. Those advisories warned that Iranian hackers are targeting weak entry points across industries—from healthcare to energy—and using brute-force methods or MFA fatigue attacks to get in.
Experts say it’s not just the government that needs to be on alert. Businesses and infrastructure operators are being urged to shore up digital defenses as the cyber front of this conflict shows no signs of cooling down.
