Iran-linked hacktivists are mobilizing to unleash a wave of cyber attacks on U.S. state and local governments, threatening to disrupt critical infrastructure and expose Americans’ personal information in retaliation for recent U.S.-Israeli military strikes. Hacktivist Groups Coordinate Retaliatory Operations The Multi-State Information Sharing and Analysis Center issued urgent warnings this week following a weekend U.S.-Israeli bombing campaign that crippled Iran’s internet infrastructure. Randy Rose, MS-ISAC Vice President for Security Operations and Intelligence, told security professionals that Iran-aligned hacktivist groups operating outside Iran’s borders are mobilizing for coordinated cyber operations against American targets. These groups have already demonstrated their capabilities, with the DieNet group launching distributed denial-of-service attacks on U.S. ports and the Fatimiyoun Cyber Team claiming successful code injections and personal data theft from a U.S. township government. This coordinated response represents a significant shift from previous independent hacktivist operations to unified targeting strategies. Critical Infrastructure Faces Escalating Threats TJ Sayers, MS-ISAC Senior Director for Threat Intelligence, detailed how Iranian regime guidance provided to hacktivist groups before hostilities escalated now drives their operational tempo. The attacks target state and local government networks, financial services, energy sectors, and telecommunications infrastructure with low-level disruptions including website defacements and service outages. Security experts warn these initial probing attacks could escalate to more destructive operations if military tensions continue. The Iranian drone strikes on Amazon Web Services data centers in the United Arab Emirates demonstrate hacktivists’ willingness to target physical infrastructure supporting digital services. This approach threatens not just government operations but also private sector entities relying on cloud infrastructure and Israeli-manufactured technology components. Disinformation Campaigns Threaten Public Trust MS-ISAC experts identified a concerning pivot toward artificial intelligence-enhanced disinformation operations designed to undermine American resolve. Randy Rose warned that hacktivist groups plan to deploy deepfake technology creating false narratives about the conflict, specifically targeting Western coalition unity and public support for U.S. military operations. These psychological operations represent a long-term strategy to fracture political will without directly attacking hardened military networks. The combination of nuisance-level cyber disruptions causing service outages and sophisticated disinformation campaigns exploiting AI technology poses dual threats to both operational continuity and democratic discourse. Security analysts note this represents Iran’s adaptation of decade-long “invisible war” tactics, leveraging proxy forces while state-sponsored actors remain strategically quiet, possibly sheltering from kinetic warfare impacts. State and Local Governments Vulnerable to Attacks The targeting of subnational government entities reflects hacktivists’ recognition that state and local networks often lack the robust cybersecurity defenses of federal agencies. Recent breaches exposed personally identifiable information from township databases, demonstrating how even small municipalities face sophisticated threat actors backed by foreign regimes. The Cyber Islamic Resistance group has claimed successful data-wiping attacks on U.S. and Israeli logistics networks, while multiple hacktivist collectives coordinate their target selection for maximum disruptive impact. Energy sector vulnerabilities particularly concern security professionals, as operational technology environments controlling physical infrastructure face spear-phishing campaigns and potential destructive malware deployment. Recorded Future’s Insikt Group assessed that escalating military hostilities significantly increase the likelihood of destructive cyber operations progressing from Gulf targets to direct attacks on American critical infrastructure networks. FLASH – Iran-linked hacktivists could target US state and local targets, experts warn. Networks, government websites, and critical infrastructure providers should buckle up.https://t.co/6WsDdSaYh7 — Whazas (@Whazas1) March 4, 2026 The blurred lines between independent hacktivist groups and Islamic Revolutionary Guard Corps-directed operations enable sophisticated disruption while maintaining plausible deniability for the Iranian regime. Security experts emphasize that American communities face immediate risks from these coordinated cyber campaigns, with service disruptions, data breaches, and supply chain interference already materializing. The shift from state-sponsored quietude to proxy activism demonstrates how authoritarian regimes exploit non-state actors to wage asymmetric warfare against American interests while avoiding direct attribution. State and local officials must immediately enhance cybersecurity postures, recognizing that the cyber battlespace now extends to every township, port authority, and public utility serving American citizens. Sources: Iran-linked hacktivists could target governments, experts warn – Defense One Iran-linked hacktivists could target governments, experts warn – Nextgov Iranian Cyber Proxies Active, But Nation-State Hackers Quiet – Gov Info Security