Goldman Sachs Among US Banks Warned of Iran-Linked Cyber Threats

U.S. banks including Goldman Sachs, JPMorgan and Citigroup have ramped up cybersecurity monitoring after a U.S. intelligence assessment warned that Iran-aligned hacktivists could conduct low-level cyberattacks such as distributed denial-of-service attacks, industry reporting said. Executives and analysts told Reuters that the financial services sector is on heightened alert and firms are stepping up monitoring as geopolitical conflict increases cyber risk.

The intelligence assessment described the likely attack vector as DDoS, “whereby hostile actors overwhelm a targeted server with a flood of internet traffic,” stripping capacity from trading platforms and payment systems if sustained. Industry groups and banks are focusing on operational resilience to protect U.S. capital markets, and the original brief notes that no incidents have been reported yet.

The sector has historical precedent for Iranian-linked campaigns. American Banker detailed Operation Ababil, a coordinated campaign from late 2011 to mid-2013 that federal prosecutors say involved massive DDoS attacks against 46 major financial institutions, including Bank of America, the New York Stock Exchange and Capital One. More recently, American Banker reported that following Operation Midnight Hammer in June 2025, the Financial Services Information Sharing and Analysis Center reported a significant spike in DDoS attacks disproportionately targeting the global financial sector.

FS-ISAC’s 2025 report, cited in industry coverage, found that the financial services sector was the top target of DDoS attacks in 2024, with the Hamas-Israel and Russia-Ukraine wars fueling a surge in hacktivism. An FS-ISAC spokesperson “did not immediately provide a comment” in response to queries about the current alert level, according to republications of the reporting.

Analysts flagged both direct cyber risk and broader economic consequences. Morningstar DBRS warned that “Iran could increase its cyberattacks against Western entities, including banks,” and noted that the most significant risks to global banks and asset managers were likely to be indirect, including sustained higher oil prices and shocks to borrowers, while still cautioning that cyber risks could also rise. Lazard’s geopolitical advisory team similarly flagged a willingness by Iran to deploy cyber capabilities against commercial targets.

Public reaction and social media amplified the alert: a Facebook post headlined “BREAKING: U.S. Banks Placed On Heightened Alert For Possible Cyberattacks” by user Jay Towers recorded 276 reactions, 74 comments and 152 shares, with sample comments urging heightened security or recommending cash and precious metals. Regulators that previously issued warnings about Iranian cyber activity — the FBI and CISA in August 2024 and a federal advisory in October 2024 citing brute-force and multifactor authentication abuse — remain relevant reference points for banks reinforcing defenses.

As firms increase monitoring and harden systems, market participants and regulators will be watching for any confirmed incidents that could disrupt clearing, payments or Treasury market activity; for now, industry reporting emphasizes vigilance rather than reported breaches.