

Since 2011, the Islamic Republic of Iran and pro-regime hackers have increasingly utilized digital technology to threaten U.S. national security, conducting dozens of cyber operations against Americans. Recently, on June 30, the U.S. government issued an advisory warning that Iran may launch additional cyberattacks against U.S. critical infrastructure and the defense industrial base. This publication identifies dozens of cyberattacks that Tehran and Tehran-aligned hackers have perpetrated against the United States. While the list is not comprehensive, it demonstrates that Iranian state entities and pro-regime hackers present a continuing cyber threat to U.S. persons, companies, and infrastructure.
Late 2011-Mid-2013: Iranian hackers working on behalf of the Islamic Revolutionary Guard Corps (IRGC) launch distributed denial of service attacks against 46 U.S. banks, disrupting online banking systems and costing millions in damages. The U.S. Department of Justice (DOJ) indicts seven hackers and two Iranian computer companies in March 2016 for conducting the operation.
May 2013: The Department of Homeland Security (DHS) reports that multiple U.S. adversaries, including Iran, are probing the U.S. electrical grid for vulnerabilities.
September 2013: The U.S. Navy blames Iran for hacking its intranet systems in San Diego. The cybersecurity firm Cylance assesses that this attack is part of a two-year Iranian espionage and sabotage operation against multiple U.S. and foreign targets.
September 2013: An Iranian hacker contributing to the 2011-2013 attacks on U.S. banks also compromises industrial control systems at Bowman Avenue Dam in Rye, New York. While the control systems had been disconnected for maintenance at the time, the access would have otherwise permitted the hacker to manipulate the dam’s gate.
May 2014: U.S. cybersecurity firm FireEye warns that Iranian hackers are becoming more sophisticated and targeting the U.S. defense industrial base with cyber espionage campaigns.
December 2014: Iranian hackers launch a cyberattack that destroys the computer systems of a Las Vegas casino chain owned by Republican donor Sheldon Adelson in retaliation for his vocal opposition to Iran’s nuclear program.
October 2015: The IRGC hacks the email and social media accounts of several Obama administration officials as well as academics and journalists.
June 2016-February 2019: An Iranian hacking group targets at least 18 U.S. government and private sector entities in the engineering, chemical, research, energy consultancy, finance, IT, and healthcare sectors, including Fortune 500 companies.
June 2016-July 2020: Iranian hackers deface hundreds of websites around the world. The attacks include 51 U.S. websites targeted in January 2020 in retaliation for the U.S. assassination of IRGC Quds Force chief Qassem Soleimani.
November 2017: The DOJ indicts a hacker affiliated with the Iranian military for stealing proprietary information from HBO and attempting to extort the company.
March 2018: The DOJ indicts nine hackers working on behalf of an Iranian government group for stealing intellectual property from more than 144 U.S. universities, the U.S. Department of Labor, and the Federal Energy Regulatory Commission. Despite the indictments, the hacks continue for at least another year.
May 2018: U.S. security firms report an increase in Iranian hacking activity following the Trump administration’s announcement that the United States will withdraw from the 2015 Iran nuclear agreement, formally known as the Joint Comprehensive Plan of Action (JCPOA).
November 2018: The DOJ indicts two Iranians for conducting ransomware attacks, including an attack on Atlanta’s government that disrupted city services.
February 2019: The DOJ indicts four Iranians responsible for a 2014-2015 cyber espionage operation targeting U.S. intelligence officials.
July 2019: U.S. Cyber Command issues an alert warning that a pro-regime hacking group is targeting U.S. government networks.
October 2019: Iranian hackers launch a series of attacks against the Trump presidential campaign.
November 2019: Microsoft warns that Iranian hackers are attempting to breach industrial control systems — the devices used to control physical processes that generate electricity, manufacture goods, and refine oil — in order to conduct physically disruptive attacks in the United States.
January 2020: An Iranian hacking group launches an attack on the U.S. research company Westat, which suspects that the hackers attempted to gain access to the firm’s clients in the public and private sectors.
August 2020: The FBI warns that Iranian hackers are exploiting vulnerabilities to obtain access to U.S. companies and sell the access to other groups to conduct cyberattacks.
September 2020: The U.S. government reveals that Iranian hackers are targeting U.S. organizations in the IT, government, healthcare, finance, and media sectors.
September 2020: The DOJ indicts IRGC-affiliated hackers for attacks on U.S. aerospace and satellite technology companies.
September 2020: The FBI discovers spyware designed by Iranian intelligence to monitor critics of the Islamist regime in the United States and abroad.
October 2020: The U.S. government blames Iranian hackers for compromising state election websites by illicitly downloading voter registration information. Washington also accuses the hackers of conducting a voter intimidation campaign. The DOJ indicts two operatives in November 2021 for the attacks.
November 2020: The FBI and the DOJ seize 27 website domains secretly run by the IRGC as part of a worldwide influence operation targeting Americans and global audiences.
March 2021: Iranian hackers linked to the IRGC attempt to steal information from geneticists, neurologists, and oncologists in the United States and Israel.
June 2021: Iranian state-sponsored hackers successfully compromise an unnamed children’s hospital, according to FBI Director Christopher Wray.
July 2021: Iranian hackers exploit Facebook to pose as recruiters and defense contractors in order to trick U.S. military personnel into sharing sensitive personal information.
August 2021: Iranian state-sponsored hackers attempt to attack the Boston Children’s Hospital. The DOJ indicts the hackers in September 2022.
October 2021: Microsoft reveals that pro-regime hackers are attempting to compromise U.S. and Israeli defense technology companies, global maritime transportation companies, and port operators. The hackers successfully hacked about a dozen companies, Microsoft says.
November 2021: The United States, Australia, and the United Kingdom warn that hackers affiliated with the government of Iran are targeting critical infrastructure, particularly entities in the transportation and healthcare sectors. The three countries accuse the hackers of stealing information and extorting victims.
February 2022: The U.S. and U.K. governments warn that Iranian state-sponsored hackers are attacking government and commercial networks.
April 2022: Google’s Threat Analysis Group reveals that Iranian state-backed hackers have developed a new tool to steal information from Gmail, Yahoo, and Microsoft Outlook accounts.
September 2022: The DOJ indicts three Iranian nationals for conducting ransomware attacks against U.S. municipalities, an electric utility company, and a public housing authority.
November 2022: Iranian state-sponsored hackers compromise federal networks, steal information, and conduct a crypto-mining scheme.
April 2023: Microsoft warns that IRGC-linked hackers are refining their tactics to compromise “high-value targets,” including U.S. ports, energy companies, and transit systems.
November 2023: IRGC-affiliated hackers successfully breach about a dozen water and wastewater utilities across the United States, gaining access to the equipment used to control them. The hackers also deface the screens of the equipment with anti-Israeli and anti-American messages.
August 2024: Iranian state-backed actors hack the networks of the Trump presidential campaign, stealing information and attempting to publicize the information to harm President Donald Trump’s campaign.
October 2024: The U.S. government urges critical infrastructure managers to heighten security against Iranian attempts to compromise networks.
June 2025: The U.S. government warns that state-backed as well as independent, pro-regime hackers may attempt to conduct cyber operations against U.S. networks. The government warning draws particular attention to threats to the defense industrial base.
July 2025: IRGC-affiliated hackers threaten to release sensitive information and private emails stolen from top aides to Trump in retaliation for U.S. strikes on Iran’s nuclear weapons facilities.
Annie Fixler is the director of the Center on Cyber and Technology Innovation (CCTI) at the Foundation for Defense of Democracies (FDD) and an FDD senior fellow. Stefan Videnovic is a CCTI intern. FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.