Cyber threat bulletin: Iranian cyber threat to Canada from Israel-Iran conflict – Canadian Centre for Cyber Security

Summary

On 13 June 2025, Israel launched strikes against Iran, and on 22 June the U.S. carried out precision airstrikes on Iranian nuclear facilities. U.S. agencies warned of potential retaliatory cyber activity by Iranian-affiliated actors targeting U.S. critical infrastructure. The Canadian Centre for Cyber Security assesses that Canada is unlikely to be a primary target, but could be an indirect or collateral victim because of North American interconnectivity in key sectors. Iran is also likely to continue cyber-enabled transnational repression against individuals in Canada whom the regime considers a threat.

Iranian state-sponsored actors and pro-Iran hacktivists use disruptive information operations, denial-of-service attacks, website and device defacements, ransomware, wiper malware and hack-and-leak operations. They commonly exploit known vulnerabilities, default or weak passwords and the absence of multi-factor authentication, and they employ sophisticated social engineering and spear-phishing targeting officials and organisations in sectors such as energy, transport, aerospace, defence and telecommunications. The bulletin notes a past IRGC campaign (Nov 2023–Jan 2024) that targeted poorly secured Israeli-made devices used in critical infrastructure.

Key Points

  • Timeline: Israel struck Iran on 13 June 2025; the U.S. struck on 22 June 2025, prompting warnings of possible Iranian retaliation.
  • Canada is not assessed as a priority target but could be affected indirectly or collaterally by campaigns aimed at the U.S.
  • Primary tactics observed: DDoS, defacements, ransomware, destructive wipers and hack-and-leak operations.
  • Actors exploit known vulnerabilities and weak configurations (default passwords, unpatched systems, lack of MFA).
  • Heavy use of social engineering and spear-phishing to obtain access to government and private-sector networks.
  • Notable past activity: an IRGC-affiliated campaign (CyberAv3ngers) compromised Israeli-made devices, impacting at least one municipal water authority in the U.S.
  • Recommended mitigations include patching, enforcing MFA, securing edge devices and websites, and preparing DDoS defences; the bulletin links to multiple guidance documents.

Why should I read this?

Short and plain: if you manage IT, run critical infrastructure, or are an Iran-focused activist or journalist, this matters. Canada probably won’t be singled out, but connected systems and people can be caught in the crossfire. Quick wins: patch systems, disable default passwords, enable multi-factor authentication and sharpen your phishing defences.

Author style

Punchy: This bulletin flags concrete, actionable risks rather than vague alarmism. It isn’t an immediate national emergency for Canada, but it highlights credible threats and easy-to-implement mitigations. If you care about resilience or protecting at-risk people, read the full guidance and act now — we’ve done the heavy reading for you.

Source

Source: https://cyber.gc.ca/en/guidance/cyber-threat-bulletin-iranian-cyber-threat-canada-israel-iran-conflict
