Hackers backing Tehran have targeted U.S. banks, defense contractors and oil industry companies following American strikes on Iranian nuclear facilities — but so far have not caused widespread disruptions to critical infrastructure or the economy. But that could change if the ceasefire between Iran and Israel collapses or if independent hacking groups supporting Iran make good on promises to wage their own digital conflict against the U.S., analysts and cyber experts say. The U.S. strikes could even prompt Iran, Russia, China and North Korea to double down on investments in cyberwarfare, according to Arnie Bellini, a tech entrepreneur and investor. Bellini noted that hacking operations are much cheaper than bullets, planes or nuclear arms — what defense analysts call kinetic warfare. America may be militarily dominant, he said, but its reliance on digital technology poses a vulnerability. “We just showed the world: You don’t want to mess with us kinetically,” said Bellini, CEO of Bellini Capital. “But we are wide open digitally. We are like Swiss cheese.” Hackers have hit banks and defense contractors Two pro-Palestinian hacking groups claimed they targeted more than a dozen aviation firms, banks and oil companies following the U.S. strikes over the weekend. The hackers detailed their work in a post on the Telegram messaging service and urged other hackers to follow their lead, according to researchers at the SITE Intelligence Group, which tracks the groups’ activity. The attacks were denial-of-service attacks, in which a hacker tries to disrupt a website or online network. “We increase attacks from today,” one of the hacker groups, known as Mysterious Team, posted Monday. Federal authorities say they are on guard for additional attempts by hackers to penetrate U.S. networks. The Department of Homeland Security issued a public bulletin Sunday warning of increased Iranian cyber threats. The Cybersecurity and Infrastructure Security Agency issued a statement Tuesday urging organizations that operate critical infrastructure like water systems, pipelines or power plants to stay vigilant. While it lacks the technical abilities of China or Russia, Iran has long been known as a “chaos agent” when it comes to using cyberattacks to steal secrets, score political points or frighten opponents. Cyberattacks mounted by Iran’s government may end if the ceasefire holds and Tehran looks to avoid another confrontation with the U.S. But hacker groups could still retaliate on Iran’s behalf. In some cases, these groups have ties to military or intelligence agencies. In other cases, they act entirely independently. More than 60 such groups have been identified by researchers at the security firm Trustwave. These hackers can inflict significant economic and psychological blows. Following Hamas’ Oct. 7, 2023, attack on Israel, for instance, hackers penetrated an emergency alert app used by some Israelis and directed it to inform users that a nuclear missile was incoming. “It causes an immediate psychological impact,” said Ziv Mador, vice president of security research at Trustwave’s SpiderLabs, which tracks cyberthreats. Economic disruption, confusion and fear are all the goals of such operations, said Mador, who is based in Israel. “We saw the same thing in Russia-Ukraine.” Collecting intelligence is another aim for hackers While Iran lacks the cyberwarfare capabilities of China or Russia, it has repeatedly tried to use its more modest operations to try to spy on foreign leaders — something national security experts predict Tehran is […]