Hackers Target U.S. Defense Contractors After Iran Strikes

In the wake of U.S. military strikes on Iranian nuclear sites, Iran’s cyber response has kicked into high gear — and cleared defense contractors are in the crosshairs. These state-sponsored hacking groups are now actively targeting U.S. defense contractors and critical infrastructure sectors with a surge in cyber operations. Their mission: disrupt operations, steal secrets, and stay hidden long enough to spy.

Who’s at risk

Organizations holding Facility Security Clearances are at increased risk, particularly those involved in defense, aerospace, and energy sectors. Even subcontractors or smaller cleared facilities aren’t off the radar. If your work touches national defense, even indirectly, you’re a target.

How they’re attacking

These hackers aren’t subtle. Here’s what they’re using to get in and cause damage:

• Phishing: Credential harvesting via sophisticated lures
• Exploitation: Targeting unpatched internet-facing systems
• Malware: For exfiltration and long-term access
• Denial-of-service: Disruption of operations and systems
  
  

What to do now

Act fast. Start with these steps:

• Enhance email security
  • Implement anti-phishing detection tools
  • Train staff on spotting suspicious messages
• Update systems
  • Prioritize software updates
  • Ensure systems are current with the latest security patches
• Strengthen access controls
  • Use multi-factor authentication
  • Review who has access – and why
• Monitor networks
  • Set up alerts for unusual activity
  • Review incident response protocols
• Report incidents early
  • Report any suspicious activity to your company’s Facility Security Officers or your ISI Assistant Facility Security Officer immediately
    
    

How ISI can help

We’re actively monitoring the situation and ready to support your team:

• Run targeted security assessments
• Provide up to date threat awareness training
• Build or refine your incident response plan
• Coordinate with relevant authorities if needed

These aren’t theoretical threats, they’re happening now. The sooner you act, the better you can protect your team, your data, and national security.

Links

• Iranian Cyber Actors May Target Vulnerable US Networks and Entities of Interest