Hacktivist Groups Target U.S. Companies and Military Domains in Retaliation for Iran Attacks

The United States has become a popular target for hacktivist groups in the escalating Israel-Iran conflict, following U.S. attacks on Iranian nuclear sites on June 21, 2025.

Several pro-Iranian hacktivist collectives, including Mr Hamza, Team 313, Cyber Jihad, and Keymous+, have claimed responsibility for a series of Distributed Denial of Service (DDoS) attacks targeting U.S. military domains, major aerospace and defense corporations, and key financial institutions.

These cyberattacks are seen as retaliatory measures following U.S. involvement in the conflict, which began with Israeli strikes on Iranian targets on June 13.

U.S. Becomes a Focal Point

The cyber warfare has since escalated, with Iran and Israel exchanging missile and drone attacks, including an Iranian strike on a U.S. military base in Qatar on June 23.

Alongside physical confrontations, the digital battlefield has seen DDoS campaigns, data breaches, website defacements, and electronic interference with commercial navigation systems in the Persian Gulf.

Cyble, a leading threat intelligence provider, has documented claims of cyberattacks against 15 U.S. organizations and 19 websites by Iran-aligned groups since the U.S. airstrikes.

Mr Hamza, for instance, targeted U.S. Air Force domains and aerospace firms under the hashtag #Op_Usa, providing evidence of website downtime via check-host.net reports spanning a 10-hour period on June 22.

Similarly, Keymous+ claimed disruptions to U.S. financial entities, showcasing a one-hour outage on the same day.

Scale of Attacks

However, not all claims hold up under scrutiny Team 313’s alleged attack on Truth Social, the social media platform linked to U.S. President Donald Trump, lacks sufficient evidence. Meanwhile, Cyber Jihad has signaled intent for future attacks using #OpUSA.

The Department of Homeland Security (DHS) issued a warning on June 22, cautioning against low-level cyberattacks on U.S. networks by pro-Iranian hacktivists and potential state-backed Iranian cyber actors exploiting poorly secured internet-connected devices.

DHS also highlighted risks of violent reprisals if Iranian leadership issues religious decrees for retaliation.

Comparatively, the volume of hacktivist activity targeting U.S. entities remains smaller than the extensive campaigns in the Middle East, where Cyble identified 88 active hacktivist groups, 81 of which align with Iran.

Notable actors like Handala have claimed 15 ransomware and extortion attacks against Israeli targets, often backing claims with data samples.

Additionally, a threat actor on the Darkforums cybercrime forum offered unauthorized SSH access and VPN credentials to an alleged Israel Defense Forces portal for 2 BTC, hinting at deeper infiltrations.

While Russia-linked groups have largely stayed on the sidelines, exceptions include Z-Pentest’s claim of breaching an Israeli industrial control system and NoName057(16)’s DDoS attack on an Israeli transportation entity.

As the Middle East conflict broadens, organizations worldwide face heightened risks of hacktivist-driven disruptions.

Cyble advises robust DDoS defenses, vulnerability management, Zero-Trust security models, and incident response planning to mitigate threats ranging from data breaches to critical infrastructure attacks.

With cyber warfare mirroring geopolitical tensions, the stakes for unprepared entities are higher than ever.