{"id":193423,"date":"2026-03-06T11:39:00","date_gmt":"2026-03-06T16:39:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/03\/06\/iran-war-will-bring-wave-of-low-level-cyber-activity-says-intelligence-group\/"},"modified":"2026-03-06T12:25:10","modified_gmt":"2026-03-06T17:25:10","slug":"iran-war-will-bring-wave-of-low-level-cyber-activity-says-intelligence-group","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/03\/06\/iran-war-will-bring-wave-of-low-level-cyber-activity-says-intelligence-group\/","title":{"rendered":"Iran war will bring wave of &#8216;low-level cyber activity,&#8217; says intelligence group"},"content":{"rendered":"<p><a href=\"https:\/\/statescoop.com\/iran-war-2026-low-level-cyber-activity-says-intelligence-group\/\">Iran war will bring wave of &#8216;low-level cyber activity,&#8217; says intelligence group<\/a><\/p>\n<p><a href=\"https:\/\/statescoop.com\/iran-war-2026-low-level-cyber-activity-says-intelligence-group\/\">https:\/\/statescoop.com\/iran-war-2026-low-level-cyber-activity-says-intelligence-group\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-06 11:39:00<\/a><\/p>\n<p>Source Domain: <a href=\"statescoop.com\">statescoop.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>Print out critical documents. Sanitize social media accounts. Prepare for attacks, both on- and offline. And if you\u2019re planning a big upgrade, think about how potential rate hikes, cloud service outages or global supply-chain disruptions might complicate it.<\/p>\n<p>This was some of the advice aimed at state and local government officials during an online briefing held Tuesday by an information-sharing group operated by the Center for Internet Security, an Upstate New York nonprofit that\u2019s striving to keep its members informed on the physical and cybersecurity threats they face after the United States and Israel last weekend began their deadly strikes on Iran.<\/p>\n<p>President Donald Trump\u2019s decision to carry out a war of \u201coverwhelming strength and devastating force,\u201d was welcomed by Israeli Prime Minister Benjamin Netanyahu, who for months has solicited aid for such a conflict. Conflict having commenced, the United States military appears prepared to sustain a campaign that will last for at least several weeks; for state and local officials, this will likely mean a growing volume of \u201clow-level cyber activity,\u201d like distributed denial-of-service attacks and website defacements, organizers of the center\u2019s Multi-State Information Sharing and Analysis Center said during Tuesday\u2019s briefing.<\/p>\n<p>Though military strikes have left internet service highly unstable across much of Iran, TJ Sayers, MS-ISAC\u2019s senior director of threat intelligence, said there are at least a couple reasons for government agencies to anticipate a wave of cyber activity, one being that hacktivist and proxy groups are beginning to form a \u201ccollective,\u201d \u201cwhich would give them a little bit more robust targeting capabilities.\u201d Palo Alto Networks\u2019 Unit 42 this week reported seeing a \u201csurge\u201d in activity that includes as many as 60 politically motivated cyber groups that are aligned with Iran or Russia.<\/p>\n<p>Another reason to prepare for cyberattacks, Sayers said, is that Iran has allies: It\u2019s allowing Chinese and Russian vessels through its shipping corridors, and Russia has begun information campaigns that amplify reports, \u201cconfirmed or not,\u201d of Iranian casualties. (The New York Times reported Tuesday that nearly 900 people had so far been killed in just a few days of war. The dead include not only Ayatollah Ali Khamenei, Iran\u2019s supreme leader, but many civilians. A strike on a girls school on Saturday killed 175 people, most of them children.) Sayers said his group anticipates Russia will use images, including AI-generated deepfakes, to erode public support for the war and \u201cto fracture U.S.-Israel coalition.\u201d<\/p>\n<p>\u201cRussia will almost certainly try to justify their ongoing war with Ukraine\u201d by pointing to U.S. and Israeli intervention in Iran, Sayers continued. And China, he said, may point to this conflict, and the recent U.S. strikes on Venezuela, to justify a future invasion of Taiwan. Both could use the ongoing chaos to augment cyber campaigns against all levels of U.S. government, said Sayers, who added that the financial, energy and government sectors are expected to attract the most attention.<\/p>\n<p>He pointed to recent surges of activity by Iran-linked groups, including MuddyWater, FAD Team and DieNet, as indicators of what the coming weeks may bring. Iranian cyberattacks against state and local governments are not certain, but what\u2019s less uncertain is that the region\u2019s violence will destabilize the globe\u2019s technological ecosystem. Damage to Amazon Web Services data facilities in recent days \u2014 two in the United Arab Emirates and one in Bahrain \u2014 drove global service outages. Google, Microsoft and Oracle, though not yet affected, also house computing facilities in the Middle East. \u201cA lot of civilian infrastructure is being hit,\u201d Randy Rose, MS-ISAC\u2019s vice president for security operations and intelligence, said during the briefing.<\/p>\n<p>Rose also pointed at other \u201chigh value soft targets\u201d: undersea cables, internet exchange points, cloud infrastructure and global navigation systems, the latter of which are already being jammed. \u201cIran\u2019s also targeting civilian shipping vessels and tankers,\u201d Rose said. \u201cEven a partial or short-term closure [of shipping lanes] can trigger cascading effects, from prices in crude oil going up, but also supply chain disruption in technology.\u201d<\/p>\n<p>At the briefing\u2019s conclusion, organizers offered numerous recommendations, while the group\u2019s members \u2014 (MS-ISAC now claims more than 18,000 state, local, tribal and territorial governments as members) \u2014 flooded the chat with thumbs up, confetti and heart emojis. Organizers urged their members to patch \u201chigh-impact environments\u201d \u2014 such as critical and cloud infrastructure \u2014 and to prioritize public-facing services. They encouraged carefully validating user input on forms, to limit SQL injections, and using firewalls and content delivery networks to mitigate potential DDoS attacks.<\/p>\n<p>They even recommended officials take steps to limit the availability of extraneous information about their employees and organizations on public websites, to \u201csanitize\u201d social media accounts and to request that data brokers and real-estate aggregators delete any stored information: \u201cYou don\u2019t want to be a low-hanging fruit if there\u2019s a physical attack,\u201d Sayers said.<\/p>\n<p>A man wearing clothes displaying an Iranian flag design and the words \u201cProperty of Allah\u201d on Sunday killed two people and wounded 14 others at a bar in Austin, Texas, an attack the FBI is investigating as a possible terrorist attack. Sayers encouraged vigilance along the Mexican and Canadian borders, where he said \u201cIranian-aligned proxy groups\u201d may be waiting to \u201cengage in violence.\u201d \u201cAny type of U.S. government, whether federal or local, would be a prime target for these types of physical threats,\u201d he said.<\/p>\n<p>Melissa Bischoping, the senior director of security and product design research at the cybersecurity firm Tanium, who did not attend the briefing, said that at the start of any major geopolitical conflict, everyone becomes concerned about potential \u201ccyber fallout.\u201d So far, she said, \u201cwe\u2019re not currently seeing a lot of credible, validated campaigns targeted specifically targeting state and local infrastructure, but \u2014 and it\u2019s an important but \u2014 that doesn\u2019t mean there\u2019s not a risk that people need to be aware of and that organizations need to be planning for, because Iran does have a history of targeting municipal infrastructure and this would be in their potential wheelhouse to do.\u201d<\/p>\n<p>Bischoping\u2019s advice was largely similar to that of the MS-ISAC\u2019s: Nail the basics of patching and hardening the pieces of equipment that are \u201ctypical targets\u201d of attackers, like VPN devices and edge routers. But she also offered a familiar piece of political advice: \u201cNever waste a crisis. I think if you\u2019re a technology leader in an organization, this is a good time, because it is going to be top of mind with the people making the decisions about modernization and budget and what you\u2019re able to accomplish.\u201d<\/p>\n<p>\t\t\tWritten by Colin Wood<br \/>\n\t\t\tColin Wood is StateScoop&#8217;s editor in chief. Contact him at colin.wood@statescoop.com or cwood.64 on Signal.\t\t<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Iran war will bring wave of &#8216;low-level cyber activity,&#8217; says intelligence group https:\/\/statescoop.com\/iran-war-2026-low-level-cyber-activity-says-intelligence-group\/ Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":193424,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2026\/03\/GettyImages-2263662126.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24],"class_list":["post-193423","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/193423"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=193423"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/193423\/revisions"}],"predecessor-version":[{"id":193425,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/193423\/revisions\/193425"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/193424"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=193423"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=193423"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=193423"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}