U.S. warns of Iranian cyberattacks as cybercrime losses surge to $21 billion

Iranian-linked hackers are exploiting a widening gap between weak defenses and faster, cheaper attack tools. U.S. agencies warned that actors tied to Iran’s Islamic Revolutionary Guard Corps are targeting American devices and networks, while the FBI said AI-driven fraud helped lift cybercrime losses to nearly $21 billion last year.

In a June 30, 2025 joint alert, the NSA, CISA, FBI and DC3 said IRGC-affiliated cyber actors may conduct near-term operations against U.S. targets, including critical-infrastructure organizations and defense industrial base companies with ties to Israeli research or defense firms. The warning said these groups have historically gone after poorly secured networks and internet-connected devices, often taking advantage of unpatched or outdated software and default or common passwords. Officials said Iranian state-sponsored or affiliated actors are likely to increase distributed denial-of-service campaigns and could also turn to ransomware, while aligned hacktivists have stepped up website defacements and leaks of stolen sensitive information.

The timing matters because the attack surface is getting easier to exploit on both sides of the crime market. The FBI’s 2025 Internet Crime Report, released April 6, said the Internet Crime Complaint Center received 1,008,597 complaints in 2025, up from 859,532 in 2024, and that cyber-enabled crime drained nearly $21 billion from Americans. People over 60 reported about $7.7 billion in losses, a 37% jump from 2024, and investment fraud accounted for nearly 49% of scam-related losses. Those numbers show how quickly digital crime has moved from nuisance to household and balance-sheet risk.

For the first time in the IC3’s nearly 25-year history, the report included a separate section on artificial intelligence. It logged 22,364 AI-related complaints and nearly $893 million in losses, with scammers using fake social profiles, voice clones, identification documents and believable videos to pressure victims. The mix makes old defenses less reliable: a suspicious email can now be paired with a convincing voice message or synthetic video, turning basic social engineering into a much more persuasive attack.

CISA has continued to publish Iran state-sponsored cyber threat advisories and guidance for organizations deploying and operating AI systems, reflecting a new defensive reality. Businesses now have to secure aging networks against known weaknesses while also vetting the AI tools and synthetic content that can be used to impersonate executives, employees and customers. The result is a broader, more immediate threat landscape, with attackers benefiting from both technical gaps and the speed of machine-generated deception.