Department of Homeland Security on Iran Threat

Iran appears to still be intent on killing U.S. officials allegedly responsible for the 2020 assassination of General Qassem Soleimani, the commander of the elite Qods Force, according to an annual Department of Homeland Security (DHS) threat assessment. The report warned that Iran would also continue to target U.S.-based Iranian dissidents and critics of the regime.  

DHS also highlighted Iranian efforts to polarize American society. Tehran tried to “amplify divisive narratives to incite violence, influence the US electorate, and degrade trust in the electoral process” prior to the 2020 election. And it has used advanced cyber-attacks and artificial intelligence to interfere in the 2024 election. Iranian actors have “sought access to individuals with direct access to the presidential campaigns of both political parties” to steal information and influence the U.S. election process.

Iran also posed a threat to U.S. public safety. Iranian hacker groups and state-aligned cyber actors exploited system vulnerabilities to target U.S. infrastructure in response to U.S. support for Israel. The following are excerpts from the report.

Executive Summary 

CRITICAL INFRASTRUCTURE SECURITY: Domestic and foreign adversaries almost certainly will continue to threaten the integrity of our critical infrastructure with disruptive and destructive cyber and physical attacks, in part, because they perceive targeting these sectors will have cascading impacts on US industries and our standard of living. The PRC, Russia, and Iran will remain the most pressing foreign threats to our critical infrastructure. Most concerningly, we expect the PRC to continue its efforts to pre-position on US networks for potential cyber attacks in the event of a conflict with the United States. Nation-states, criminal hacktivists, and financially motivated criminals will likely hone their techniques to disrupt US services or to conduct espionage focused on gaining access to US networks, including critical infrastructure entities. We assess that domestic and foreign violent extremists will continue to call for physical attacks on critical infrastructure in furtherance of their ideological goals and, at times, in response to international conflicts and crises. 

Public Safety and Security 

Terrorism 

Among state actors, we expect Iran to remain the primary sponsor of terrorism and continue its efforts to advance plots against individuals—including current and former US officials—in the United States. 

  • Iran maintains its intent to kill US government officials it deems responsible for the 2020 death of its Islamic Revolutionary Guards Corps (IRGC)-Qods Force Commander and designated foreign terrorist Qassem Soleimani. In August 2024, a Pakistani national with ties to Iran was indicted for a planned assassination of US government officials. In June 2023, the US Department of the Treasury designated six IRGC members for their role in assassination plots targeting former US government officials, dual US and Iranian nationals, and Iranian dissidents. 

Nation States: Influence Operations and Transnational Repression 

  • Iran is becoming increasingly aggressive in its foreign influence efforts, seeking to stoke discord and undermine confidence in our democratic institutions. Over the last year, Iranian information operations have focused on weakening US public support for Israel and Israel’s response to the 7 October 2023 HAMAS terrorist attack. These efforts have included leveraging ongoing protests regarding the conflict, posing as activists online, and encouraging protests. Prior to the 2020 US presidential election, Iran also attempted to amplify divisive narratives to incite violence, influence the US electorate, and degrade trust in the electoral process.
  • Iran almost certainly will continue to target US-based Iranian dissidents because Iran views their anti-regime activities as an existential threat. In the past several years, Iran has used US persons, Iranian diaspora members, and third-country nationals to surveil, harass, and intimidate regime dissidents. Iran’s use of violence—to include murder—against US-based regime opponents since the early days of the Iranian Revolution, and the regime’s global persecution of opponents, strengthens our assessment that it will continue to pursue dissidents in the Homeland. 

Threat Actors Likely to Focus on 2024 Election Cycle 

  • As the election approaches, we expect foreign malign influence actors to increase their overt and covert use of media outlets, networks of inauthentic social media accounts, and agents of influence to launder and spread their preferred narratives and further their election-related goals. We are beginning to see Russia target specific voter demographics, promote divisive narratives, and denigrate specific politicians. Russia seeks to shape electoral outcomes, undermine electoral integrity, and amplify domestic divisions, while using a variety of approaches to bolster its messaging and lend an air of authenticity to its efforts. Iran, meanwhile, perceives this year’s elections as particularly consequential for its own national security interests, and we have observed increasingly aggressive Iranian activity during this election cycle, specifically involving influence operations targeting the American public and cyber operations targeting presidential campaigns. Iran, the PRC, and Russia have also increasingly used generative AI to create more believable text, inauthentic synthetic audio, and video that may enhance their ability to reach US audiences while hiding their origins. 
  • US election infrastructure—including voter registration databases and associated information technology (IT) infrastructure and systems—may be targeted by a broad swath of opportunistic malicious cyber actors. These critical elections components and systems typically hold sensitive personally identifiable information of US persons, much of which may also be publicly or commercially available, that could be used to facilitate follow-on foreign malign influence campaigns or other illicit activity. Financially motivated cyber criminals may penetrate and steal information from these systems to sell online or use the information obtained for other illicit or criminal purposes like fraud, scams, or additional cyber operations. Malicious cyber actors are also likely to employ election-themed spear-phishing—targeted phishing—and smishing—phishing using text messages—against individuals like election workers, political party and campaign staff and volunteers, and state and local government employees to gain access to networks of interest, including election-related targets, to collect intelligence or other sensitive information. The Intelligence Community is confident that Iranian actors have—through social engineering and other efforts—sought access to individuals with direct access to the presidential campaigns of both political parties. Such activity, including thefts and disclosures of information, is intended to influence the US election process. Iran and Russia have used these tactics not only in the United States during this and prior federal election cycles, but also in other countries around the world. 

Disruptive and Destructive Cyber Attacks Targeting Critical Infrastructure 

  • Iranian government and other cyber actors sympathetic to Tehran’s interests will continue to target US critical infrastructure, among other targets, in retaliation for US support to Israel during the Gaza conflict. Iran will use a range of opportunistic tactics, including exploiting publicly known software and hardware vulnerabilities, social engineering techniques, and publicly available cybersecurity tools. After HAMAS’s October 2023 attack on Israel, dozens of pro-Iran criminal hacktivist groups conducted primarily low-level cyber attacks—such as distributed denial-of-service attacks—against Israeli, Palestinian, and US networks and websites. Later that November, Iranian IRGC-affiliated cyber actors—ostensibly posing as a criminal hacktivist group—used default credentials to successfully compromise and deface Israeli-manufactured OT devices used by US critical infrastructure sector entities. 

Economic Espionage and Influence 

  • The PRC and other foreign adversaries also will continue their aggressive efforts to target and steal sensitive US information, research, and technology, resulting in billions of dollars in economic losses, damage to US competitiveness, and the transfer of cutting-edge technology to adversarial militaries. Since 2023, US authorities have charged more than 20 individuals for activities related to intellectual property theft and for violations of US sanctions or export controls for China, Iran, and Russia. PRC officials’ engagements with US state, local, and private sector officials—also known as subnational engagements—probably also enable PRC economic espionage activities and enhance Beijing’s ability to influence local policy to favor PRC priorities over US national interests.