Iran-linked hackers are threatening a new wave of “devastating” cyberattacks targeting critical infrastructure as fears grow over a renewed outbreak of conflict involving the United States, Iran, and Israel.
According to reporting from Threat Beat, Iranian cyber actors claimed Thursday they detected “preparations for the renewed outbreak of military conflict in the coming days” and warned they already have “dozens” of attacks prepared against energy, information technology, and industrial infrastructure.
The threats come amid a broader escalation in cyberwarfare tied to the ongoing 2026 Iran conflict. Cybersecurity experts and federal agencies have repeatedly warned that Iran-linked hacking groups are increasingly targeting U.S. utilities, water systems, transportation networks, and operational technology tied to critical infrastructure.
Recent intelligence assessments cited by the Center for Strategic and International Studies warned that Iranian cyber actors are operating “in their comfort zone” by focusing on water, energy, and industrial systems using relatively unsophisticated but disruptive attacks. Analysts noted Iran has a long history of probing American infrastructure, including previous attacks targeting dams, power systems, and Israeli-linked industrial controls.
Security researchers have also observed a major surge in pro-Iran “hacktivist” activity since the outbreak of the Iran war earlier this year. Palo Alto Networks’ Unit 42 reported more than 60 Iran-aligned cyber groups have claimed attacks or disruptive operations since March, including attempts to target fuel systems, transportation networks, healthcare infrastructure, and government agencies.
The warnings come as tensions continue escalating militarily across the Middle East. U.S. and Israeli operations earlier this year reportedly included large-scale cyber offensives designed to disrupt Iranian command-and-control networks ahead of airstrikes, while Iran has increasingly relied on proxy cyber groups and asymmetric retaliation capabilities.
Cybersecurity officials increasingly view dormant malware and hidden network access as far more dangerous than traditional hacking operations because the goal is no longer publicity — it is strategic disruption.
Website defacements and propaganda attacks are typically designed to create headlines, spread fear, or embarrass governments and corporations. While disruptive, those attacks are usually temporary and relatively easy to contain.
The much larger concern involves sophisticated cyber intrusions that quietly remain inside critical infrastructure systems for months or even years without detection.
Officials fear adversarial governments — including China, Russia, Iran, and North Korea — may already have pre-positioned access inside sectors such as:
- Electrical grids
- Water treatment systems
- Oil and gas pipelines
- Transportation networks
- Telecommunications systems
- Financial institutions
- Hospital and emergency response networks
Rather than immediately causing damage, attackers often prioritize remaining hidden while mapping internal systems, identifying vulnerabilities, and positioning malicious code for future activation.
In a broader regional war or geopolitical crisis, those dormant systems could potentially be activated simultaneously to create chaos far beyond the battlefield.
Cybersecurity experts warn that scenario could involve:
- Widespread power outages
- Cellular and internet disruptions
- Fuel distribution failures
- Banking outages and ATM shutdowns
- Railroad or air traffic interruptions
- Water contamination alerts or treatment failures
- Emergency dispatch disruptions
- Hospital system outages delaying medical care
The strategic goal would not necessarily be permanent destruction.
Instead, the objective would likely center on creating confusion, slowing military logistics, undermining public confidence, and overwhelming emergency response systems during a period of heightened geopolitical tension.
READ NEXT: Ex-Trump Official Warns Conflict Could Trigger Drastic US Response
