Government and cybersecurity experts also warn the conflict with Iran could ignite anti-Semitic hate crimes from “violent extremists” against perceived Jewish or pro-Israel targets.

Microsoft has dubbed cyber threats based from Iran with the code-name “sandstorm”. Tehran has been escalating its digital attacks on critical infrastructure in Israel and other Middle Eastern and Western countries for the past decade.

Iran is ranked alongside Russia, China and North Korea in its capacity to wreak cyber havoc, and Australia is not immune.

The Australian Signals Directorate has warned that Iran-based hackers are “compromising critical infrastructure” using brute force attacks, such as “password spraying” and “multi-factor authentication (MFA) push bombing” to gain access to user accounts and infiltrate corporate and government networks.

Password spraying is when hackers attempt to access a large number of accounts with a few commonly used passwords, while MFA push bombing tricks users into approving log on requests.

Randy Barr, chief information security officer at Cybersecurity firm Cequence, said attacks were no longer isolated to countries directly involved in geopolitical conflict.

“In the case of Iran, it’s not just about their known cyber capabilities—it’s about the broader network of proxy actors and aligned nations who may view recent US actions as justification for retaliation. This dramatically increases the likelihood that the US and its allies will become targets of cyberwarfare, especially from adversaries seeking to exploit regional instability,” Mr Barr said.

“Iran has historically demonstrated a strong capability in cyber operations, often leveraging credential theft, social engineering, and access via federated identity systems. What makes their tactics especially dangerous is their tendency to abuse federated and third-party access—essentially exploiting trusted relationships and integrations to move laterally and persist undetected.”

Mr Barr said companies must therefore review third-party integrations and ensure they have only have the minimum access required and identity federation is “hardened”,

Review federation controls and third-party integrations: Ensure identity federation (SSO,

He also said businesses must simulate geopolitical threat scenarios to prepare for a “direct hit”.

“Cyber conflict is no longer theoretical—it’s strategic, targeted, and often masked behind false flags. Companies need to prepare not just for a direct hit, but for sophisticated campaigns that exploit the gaps between identity, access, and trust.”

Marco Pereira, Capgemini Global head of cybersecurity, said there was a “very high probability’ that Iran will increase its cyber attacks.

Mr Pereira said one of the nuclear facilities in Iran that the US bombed was Stuxnet - a sophisticated computer virus that former American officials say was created by the US and Israel to spy on and attack on the Middle Eastern countries uranium-enrichment centres, was originally deployed more than a decade ago.

“The most sophisticated cyber weapon ever developed was used there. Now they had to go to, I would say, a more traditional warfare solution to stop the (nuclear) program.

“So organisations just need to look to the traditional Iranian threat actor groups, understand their behaviour, and run proactive threat hunts, to see if they’re seeing that type of behaviour in their organisations. That would be my recommendation.”

Medibank is the biggest Australian company to be targeted by a foreign hacker. Russia’s Aleksandr Ermakov infiltrated the health insurer, accessing the private data of 9.7 million Australians. When Medibank refused to pay a ransom, details about Medibank customers’ sexual health, pregnancies and what procedures they had undergone were published on the dark web.

The US Department of Homeland Security said this week that “hacktivists and Iranian government-affiliated actors routinely target poorly secured US networks and Internet-connected devices for disruptive cyber attacks”.

“Iran also has a long-standing commitment to target US government officials it views as responsible for the death of an Iranian military commander killed in January 2020,” the department said.

“The likelihood of violent extremists in the Homeland independently mobilising to violence in response to the conflict would likely increase if Iranian leadership issued a religious ruling calling for retaliatory violence against targets in the homeland. Multiple recent homeland terrorist attacks have been motivated by anti-Semitic or anti-Israel sentiment, and the ongoing Israel-Iran conflict could contribute to US-based individuals plotting additional attacks.”

Vandals targeted the heritage-listed Melbourne Hebrew Congregation synagogue twice last Sunday, with one piece of graffiti reading “Iran is da bomb” inscribed in a mushroom cloud, alongside another piece that said “free Palestine”.

Jared LynchTechnology Editor

Jared Lynch is The Australian’s Technology Editor, with a career spanning two decades. Jared is based in Melbourne and has extensive experience in markets, start-ups, media and corporate affairs. His work has gained recognition as a finalist in the Walkley and Quill awards. Previously, he worked at The Australian Financial Review, The Sydney Morning Herald and The Age.

@jaredm_lynch

More related stories

The Weekend Australian Magazine

The brain implant revolution is here. Why is its inventor terrified?

His brain implants will have far-reaching benefits for medical science and human evolution. But its the grave threats - of thought control and invasions of our mental privacy - keeping Tom Oxley awake at night.

Read more

Companies

What value should sharemarkets put on geopolitics?

For years, big investors have been calling out the rising influence of geopolitics on shares. The problem is no one knows how to quantify this.

Read more