Iraqi Shiite residents hold up portraits of Iranian Supreme Leader Ayatollah Khamenei, shout slogans and wave Iranian flags during a protest against the US and Israeli attacks on Iran on a bridge leading to the Green Zone, where the US Embassy is located in Baghdad, on February 28, 2026. Hundreds of people protested against US and Israeli attacks on Iran near the US embassy in Baghdad. AFP correspondents said on February 28.
Ahmad Al Rubai | AFP | Getty Images
As fighting intensifies in the Middle East, cyber experts are increasingly warning of online attacks from Iran against U.S. businesses and infrastructure.
“From a timing perspective, it’s now or never,” said Pavel Gurvich, founder and CEO of cybersecurity startup Tenzai. “In that sense, the stakes are meaningfully higher.”
Gurvich said Iran may be stockpiling capabilities and waiting for a high-risk moment to activate them.
Following last weekend’s attacks in the region by the United States and Israel, Iran stepped up its retaliatory attacks, attacking U.S. military bases, embassies, and key locations in Tel Aviv, Doha, and Dubai.
The looming threat of an Iran-linked cyberattack poses a significant risk to the United States as the Cybersecurity and Infrastructure Security Agency, a major readiness agency, grapples with partial government shutdowns, furloughs, and leadership changes that could hamper its ability to counter attacks.
CISA confusion
U.S. Secretary of Homeland Security Kristi Noem testifies during a Senate Judiciary Committee hearing on “Oversight of the Department of Homeland Security” at the Capitol in Washington, DC, on March 3, 2026.
Kevin Lamarque | Reuters
Homeland Security Secretary Kristi Noem said in a statement this week that DHS is working with federal intelligence and law enforcement partners to “closely monitor and thwart” potential threats to the United States.
The agency has reportedly lost about a third of its employees since President Trump took office, and interim director Madhu Gotumukkara was reassigned to another division of DHS last week.
Politico reported that during Gottumukkala’s tenure, he clashed with staff and terminated major contracts. He has also come under intense scrutiny for uploading classified documents to ChatGPT, and he also failed a polygraph test conducted by CISA officials when he sought access to his records.
Chief Information Officer Bob Costello announced on LinkedIn this week that he is “separating from federal service.” Politico previously reported that Costello was asked to resign or take another position within DHS.
As of Tuesday afternoon, CISA’s website said it was last updated on Feb. 17 and is not actively maintained due to “expiration of federal funding.”
DHS announced on February 17 that the agency would suspend cybersecurity assessments, among other training and initiatives.
“As the failures continue, CISA’s lack of involvement in these key areas will lead to increased threats and weaknesses in the future,” the website says.
Lawmakers are also concerned about the nation’s preparedness as the government shutdown drags on.
House Appropriations Committee Chairman Tom Cole wrote last month that CISA was already “short-staffed” and that a shutdown would hamper the state’s ability to protect critical infrastructure and hospitals.
Growing cyber threats
Cybersecurity experts said the group would continue to operate through proxies and VPNs during the country’s internet shutdown.
cloud strikeAdam Myers, director of counteradversarial operations at , said Monday that the Austin-based company has seen a spike in claims of network and server failures from Iran-linked groups that could target the financial sector or critical infrastructure.
John Hultquist, Principal Analyst googleThe threat intelligence group told CNBC in a statement Tuesday that Iran has a history of exaggerated attacks and that while its claims should be taken “with a grain of salt,” they could have serious repercussions for businesses.
JP Morgan Chase CEO Jamie Dimon told CNBC’s Leslie Picker on Monday that banks could be targeted and said he expected an increase in cyber and terrorist attacks globally.
“We’re always trying to prepare for that,” he said, adding that he believes cyber is “one of the highest risks a bank takes.”
Iran has proven capable of overcoming U.S. targets, claiming responsibility in 2024 for hacking the emails of several staffers connected to President Donald Trump’s campaign.
CNBC previously reported that in 2012 and 2013, the country was behind major denial-of-service attacks against major banks that crashed their websites.
Hultquist said Tuesday that cyber threats from Iran follow a “common pattern.”
“We expect Iran to target the United States, Israel, and Gulf Cooperation Council (GCC) countries with destructive cyberattacks, focusing on opportunities and critical infrastructure,” he said.
