The Department of Homeland Security has issued a national advisory warning that Iranian state and proxy actors may escalate efforts to target U.S. government officials and former policymakers. The June 22 bulletin outlines threats including cyber intrusions, surveillance, and assassination attempts, underscoring the Islamic Republic’s asymmetric strategy amid mounting tensions. Prudence suggests FSOs and others responsible for the security of facilities, personnel, and networks across federal agencies and contractors reassess vulnerabilities and raise readiness levels, especially for those outside of CONUS.

Bulletin Highlights: Threat Landscape

The DHS National Terrorism Advisory System Bulletin – June 22, 2025 details the following concerns:

  • The bulletin emphasizes the probable targeting of current and former U.S. officials, particularly those associated with past Iran-focused policies.
  • A religious ruling (fatwa) could potentially trigger an escalation in ideologically driven violence.
  • Cyber operations, physical surveillance, and the exploitation of soft targets comprise hybrid threats.

Notwithstanding the announced ceasefire between Israel and Iran, the IRGC communiqués have referenced “regrettable responses” and “global reach” in the context of retaliation. Ismael Valenzuela, Vice President of Threat Research & Intelligence at Arctic Wolf, commented to ClearanceJobs, “This DHS bulletin highlights a growing reality: the cyber front of the Iran conflict is already active, and the United States and its allies are squarely in scope. Pro-Iranian hacktivist groups are launching opportunistic attacks designed to grab attention, while more capable, state-aligned actors may be positioning for more serious and sustained operations.”

Evidence of Past Plots

The DHS advisory is not without precedent. Recent cases demonstrate Iran’s intent and capability to reach into Western territories:

On the cyber threat, Chris Grove, director of cybersecurity strategy at Nozomi Networks, highlighted the need to monitor activity involving known APTs and Iranian capabilities, including:

  • APT33 – aviation, energy, and ICS
  • APT34 – government espionage
  • APT35 – spear phishing and media impersonation
  • Iranian Cyber Army – DDoS and ideological defacements
  • Void Manticore – wiper malware & ransomware operations

International Alignment

Several allied countries have independently issued public warnings in the past 48 hours, reinforcing DHS’s concern:

  • Canada warns that “retaliatory measures by Iran could pose a risk to Canadians,” specifically dual nationals and those with Western affiliations.
  • France urges citizens to “leave as soon as possible,” citing the “risk of military escalation and retaliatory violence following recent attacks in Tehran.”
  • Australia highlights “potential retaliation, including cyberattacks and arbitrary detention,” and has temporarily shuttered its embassy.

These advisories indicate that governments in multiple regions of the world recognize the asymmetric threat posed by Iran.

Recommended Actions for Security Professionals

Security leaders and protective services teams should take the following immediate measures:

  • Conduct targeted threat assessments for personnel involved in Iran-related programs or foreign policy.
  • Audit cybersecurity controls across personal and organizational infrastructure.
  • Deploy protective intelligence and digital footprint minimization for high-profile individuals and their families.
  • Update travel security and contingency plans in coordination with diplomatic guidance.

Iran, a capable adversary

Valenzuela continued, “Iran is a capable and experienced cyber threat actor, with a track record that includes destructive wiper attacks, misinformation campaigns, and targeting of critical infrastructure. In the near term, we expect to see an increase in cyber activity aimed at organizations with exposed systems or perceived ties to the U.S. government, military, or allied interests. These may not always be headline-grabbing events, but the risk of silent intrusions or well-timed disruptive actions is very real.”


Christopher Burgess (@burgessct) is an author and speaker on the topic of security strategy. Christopher served 30+ years within the Central Intelligence Agency. He lived and worked in South Asia, Southeast Asia, the Middle East, Central Europe, and Latin America. Upon his retirement, the CIA awarded him the Career Distinguished Intelligence Medal, the highest level of career recognition. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century” (Syngress, March 2008). He is the founder of securelytravel.com.